SonicWALL SSL-VPN 2000 Administrator's Manual page 257

Users > Local Groups
Bookmark Support for External (Non-Local) Users
The Virtual Office bookmark system allows bookmarks to be created at both the group and user
levels. The administrator can create both group and user bookmarks which will be propagated
to applicable users, while individual users can create only personal bookmarks.
Since bookmarks are stored within the SonicWALL SSL-VPN's local configuration files, it is
necessary for group and user bookmarks to be correlated to defined group and user entities.
When working with local (LocalDomain) groups and users, this is automated since the
administrator must manually define the groups and users on the appliance. Similarly, when
working with external (non-LocalDomain, for example, RADIUS, NT, LDAP) groups, the
correlation is automated since creating an external domain creates a corresponding local
group.
However, when working with external (non-LocalDomain) users, a local user entity must exist
so that any user-created (personal) bookmarks can be stored within the SonicWALL SSL-VPN's
configuration files. The need to store bookmarks on the SonicWALL SSL-VPN itself is because
LDAP, RADIUS, and NT Authentication external domains do not provide a direct facility to store
such information as bookmarks.
Rather than requiring administrators to manually create local users for external domain users
to use personal bookmarks, SonicWALL SSL VPN automatically creates a corresponding local
user entity upon user login. Bookmarks can be added to the locally-created user.
For example, if a RADIUS domain called myRADIUS is created, and RADIUS user jdoe logs on
to the SonicWALL SSL-VPN, the moment jdoe adds a personal bookmark, a local user called
jdoe will be created on the SonicWALL SSL-VPN appliance as type External, and can then be
managed like any other local user by the administrator. The external local user will remain until
deleted by the administrator.
Adding a RADIUS Group
Before configuring RADIUS groups, ensure that the RADIUS Filter-Id option is enabled for
Note
the RADIUS Domain to which your group is associated. This option is configured in the
Portals > Domains page.
The RADIUS Groups tab allows the administrator to enable user access to the SSL-VPN based
on existing RADIUS group memberships. By adding one or more RADIUS groups to an SSL
VPN group, only users associated with specified RADIUS group(s) are allowed to login. To add
a RADIUS group, perform the following steps:
In the Users > Local Groups page, click the configure button for the RADIUS group you want
Step 1
to configure.
In the RADIUS Groups tab and click the Add Group... button. The Add RADIUS Group page
Step 2
displays.
Enter the RADIUS Group name in the corresponding field. The group name must match the
Step 3
RADIUS Filter-Id exactly.
Click the Add button. The group displays in the RADIUS Groups section.
Step 4
244 SonicWALL SSL VPN 4.0 Administrator's Guide