Scenario 3: Configuring Local Authorization for Local Users
172
Firebox SSL VPN Gateway
Silvio and Lisa are authorized to access any resource defined in the ACL of the Default user group
because No Authorization is specified as the authorization type of the Guest realm.
In this example, Silvio and Lisa can access only the Web conference server on the internal network
because that is the only network resource defined for the Default user group.
Scenario 3: Configuring Local Authorization for Local Users
By slightly altering the configuration discussed previously in the "Scenario for Creating Guest Accounts
Using the Local Users List", the administrator can provide local users (Lisa Marth and Silvio Branco) with
the same level of access to the internal network resources as either the Sales or the Engineering users.
This scenario illustrates the concept of local authorization for local users.
Assume the administrator wants to provide Lisa and Silvio with the same level of access as the Engineer-
ing users. To accomplish this, the administrator could perform two procedures:
• Change the authorization type of the Guest realm to Local Authorization
• Assign the local users Lisa Marth and Silvio Branco to the Remote Engineers group on the Firebox
SSL VPN Gateway
To assign local users Lisa Marth and Silvio Branco to the Remote Engineers group on the Firebox SSL
VPN Gateway, the administrator performs this procedure:
1
Click the
Access Policy Manager
tab.
2
Expand
User Groups
and then expand
Local Users
.
3
Under
Local Users
, click the name Lisa Marth and drag her name to
Local Group Users
underneath
the Remote Engineers user group.
4
Under
Local Users
, click the name Silvio Branco and drag his name to
Local Group Users
underneath the Remote Engineers user group.
When this procedure is complete, both of the following are true:
• Silvio Branco and Lisa Marth can enter the user credential "Guest\Silvio Branco" or "Guest\Lisa
Marth" to authenticate to the Guest realm on the Firebox SSL VPN Gateway.
• Silvio and Lisa are authorized to access any resource defined in the ACL of the Remote Engineers
user group because Local Authorization is specified as the authorization type of the Guest realm.
When Local Authorization is specified, local users receive the authorization associated with the user
group on the Firebox SSL VPN Gateway to which they are assigned. They do not receive the authoriza-
tion associated with the Default user group on the Firebox SSL VPN Gateway, as is the case when No
Authorization is selected for the Guest authentication realm.
Summary of Contents for SSL 1000
Page 1: ...WatchGuard Firebox SSL VPN Gateway Administration Guide Firebox SSL VPN Gateway...
Page 40: ...Using the Firebox SSL VPN Gateway 30 Firebox SSL VPN Gateway...
Page 118: ...Setting the Priority of Groups 108 Firebox SSL VPN Gateway...
Page 146: ...Managing Client Connections 136 Firebox SSL VPN Gateway...
Page 168: ...Generating Trusted Certificates for Multiple Levels 158 Firebox SSL VPN Gateway...
Page 190: ...180 Firebox SSL VPN Gateway...
Page 198: ...188 Firebox SSL VPN Gateway...