Chapter 7 Managing Users, Authentication, And Certificates; Configure Vpn Authentication Domains, Groups, And Users; Configure Domains - NETGEAR ProSafe SRX5308 Reference Manual

Managing Users, Authentication, and
7.
Certificates
This chapter describes how to manage users, authentication, and security certificates for IPSec
VPN and SSL VPN. This chapter contains the following sections:
•

Configure VPN Authentication Domains, Groups, and Users

• Manage Digital Certificates
Configure VPN Authentication Domains, Groups, and
Users
Users are assigned to a group, and a group is assigned to a domain. Therefore, you should
first create any domains, then groups, then user accounts.
You need to create name and password accounts for all users who should be able connect to
the VPN firewall. This includes administrators and SSL VPN clients. Accounts for IPSec VPN
clients are required only if you have enabled Extended Authentication (XAUTH) in your
IPSec VPN configuration.
Users connecting to the VPN firewall need to be authenticated before being allowed to
access the VPN firewall or the VPN-protected network. The login window that is presented to
the user requires three items: a user name, a password, and a domain selection. The domain
determines the authentication method that is used and, for SSL connections, the portal
layout that is presented.
Note: IPSec VPN users always belong to the default domain
(geardomain) and are not assigned to groups.
Except in the case of IPSec VPN users, when you create a user account, you need to specify
a group. When you create a group, you need to specify a domain.

Configure Domains

The domain determines the authentication method to be used for associated users. For SSL
connections, the domain also determines the portal layout that is presented, which in turn
219
7