Authentication Setup; Setup Summary; The Local Database; External Authentication Servers - D-Link NetDefend DFL-210 User Manual

Network security firewall

8.2. Authentication Setup

8.2.1. Setup Summary

The following list summarizes the steps for User Authentication setup with NetDefendOS:
1. Set up a database of users, each with a username/password combination. This can exist locally in
   a NetDefendOS User DB object, or remotely on a RADIUS server, and will be designated as the
   Authentication Source. Membership of an Authentication Group can optionally be specified for
   each user.
2. Define a User Authentication Rule which describes which traffic is to be authenticated and
   which Authentication Source will be used.
3. Define an IP object for the IP addresses of the clients that will be authenticated. Associate this
   with an Authentication Group if required.
4. Set up IP rules to allow the authentication to take place and also to allow access to resources by
   the clients belonging to the IP object set up in the previous step.
The following sections describe the components of these steps in detail.
Authentication Sources
The database that an Authentication Rule uses to check a user's username/password combination can
be one of two types:
- The local user database internal to NetDefendOS.
- A RADIUS server which is external to the D-Link Firewall.

8.2.2. The Local Database

The Local User Database is a built-in registry inside NetDefendOS which contains the profiles of
authorized users and user groups. Usernames and passwords can be entered into this database, and
users with the same privileges can be collected together into groups to make administration easier.
There are two default user groups, the administrators group and the auditors group. Users that are
members of the administrators group are allowed to change the NetDefendOS configuration, while
users that belong to the auditors group are only allowed to view the configuration. Press the buttons
under the Groups edit box to grant these group memberships to a user.

8.2.3. External Authentication Servers

The Need for Servers
In a larger network topology with a larger administration workload, it is often preferable to have a
central authentication database on a dedicated server. When there is more than one D-Link Firewall
in the network and thousands of users, maintaining separate authentication databases on each device
becomes problematic. Instead, an external authentication server can validate username/password
combinations by responding to requests from NetDefendOS. To provide this, NetDefendOS
supports the Remote Authentication Dial-in User Service (RADIUS) protocol.
RADIUS with NetDefendOS
Chapter 8. User Authentication
