A Group Usage Example; Http Authentication - D-Link DFL-1660 User Manual

Network security firewall

authentication rule. This will be either a local NetDefendOS database, an external RADIUS
database server or an external LDAP server.
6. NetDefendOS then allows further traffic through this connection as long as authentication was
successful and the service requested is allowed by a rule in the IP rule set. That rule's Source
Network object has either the No Defined Credentials option enabled or alternatively it is
associated with a group and the user is also a member of that group.
7. If a timeout restriction is specified in the authentication rule then the authenticated user will be
automatically logged out after that length of time without activity.
Any packets from an IP address that fails authentication are discarded.
8.2.7. A Group Usage Example
To illustrate authentication group usage, suppose that there is a set of users who will log in from
the network 192.168.1.0/24, which is connected to the lan interface. The requirement is to restrict
access to a network called important_net on the int interface to just one group of trusted users, while
the other, less-trusted users can only access another network called regular_net on the dmz interface.
Assuming that we are using the internal database of users as the authentication source, we add the
users to this database with appropriate username/password pairs and a specific Group string. One
set of users would be assigned to the group with the name trusted and the other to the group with the
name untrusted.
We now define two IP objects for the same network 192.168.1.0/24. One IP object is called
untrusted_net and has its Group parameter set to the string untrusted. The other IP object is called
trusted_net and has its Group parameter set to the string trusted.
The final step is to set up the rules in the IP rule set as shown below:
#  Action  Src Interface  Src Network    Dest Interface  Dest Network   Service
1  Allow   lan            trusted_net    int             important_net  all_services
2  Allow   lan            untrusted_net  dmz             regular_net    all_services
If we wanted to allow the trusted group users to also be able to access the regular network, we could
add a third rule to permit this:
#  Action  Src Interface  Src Network    Dest Interface  Dest Network   Service
1  Allow   lan            trusted_net    int             important_net  all_services
2  Allow   lan            trusted_net    dmz             regular_net    all_services
3  Allow   int            untrusted_net  dmz             regular_net    all_services

8.2.8. HTTP Authentication

Where users are communicating through a web browser using the HTTP or HTTPS protocol,
authentication is done by NetDefendOS presenting the user with HTML pages that collect the required
user information. This is sometimes also referred to as WebAuth, and the setup requires further
considerations.
The Management Web Interface Port Must Be Changed
HTTP authentication will collide with the Web Interface's remote management service, which also
uses TCP port 80 by default. To avoid this problem, the Web Interface port number must be
changed before configuring authentication.
Do this by going to Remote Management > Advanced settings in the Web Interface and changing
Chapter 8. User Authentication
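Returning to the group usage example in 8.2.7: as an added illustration, not code from the manual or from NetDefendOS, the following Python model shows how a rule whose Source Network object carries a Group parameter admits only an authenticated member of that group (step 6 above), using the two IP objects and the rules described there. The third rule is assumed to match traffic arriving on the lan interface, as the prose describes; the client addresses and group memberships are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set

@dataclass(frozen=True)
class IPObject:
    """Address object; group=None models the No Defined Credentials option."""
    name: str
    network: str
    group: Optional[str] = None

@dataclass(frozen=True)
class Rule:
    src_if: str
    src_net: IPObject
    dst_if: str
    dst_net: str
    service: str = "all_services"
    action: str = "Allow"

# Two IP objects for the same network, differing only in their Group parameter
LAN = "192.168.1.0/24"
trusted_net = IPObject("trusted_net", LAN, group="trusted")
untrusted_net = IPObject("untrusted_net", LAN, group="untrusted")

# The two-rule set from 8.2.7
RULES = [
    Rule("lan", trusted_net, "int", "important_net"),
    Rule("lan", untrusted_net, "dmz", "regular_net"),
]
# The same set plus the rule that also lets trusted users reach regular_net
# (assumed to match traffic arriving on lan, as the prose describes)
RULES_WITH_THIRD = RULES + [Rule("lan", trusted_net, "dmz", "regular_net")]
def lookup(rules: List[Rule], src_if: str, src_ip: str, dst_if: str,
           dst_net: str, user_groups: Set[str], service: str = "http") -> str:
    """Action of the first matching rule, or "Drop" if none matches. An empty
    user_groups models an unauthenticated client: only group=None objects match."""
    addr = ip_address(src_ip)
    for rule in rules:
        if (rule.src_if, rule.dst_if, rule.dst_net) != (src_if, dst_if, dst_net):
            continue
        if rule.service not in ("all_services", service):
            continue
        if addr not in ip_network(rule.src_net.network):
            continue
        # A group-tagged Source Network only matches a member of that group
        if rule.src_net.group is not None and rule.src_net.group not in user_groups:
            continue
        return rule.action
    return "Drop"
```

With only the two original rules, a trusted user is dropped when heading for regular_net; the added third rule is what admits that traffic, while an unauthenticated client from the same subnet matches neither group-tagged object.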
