8.2. Authentication Setup
8.2.1. Setup Summary
The following list summarizes the steps for User Authentication setup with NetDefendOS:
•
Have an
authentication source
which consists of a database of users, each with a
username/password combination. Any of the following can be an authentication source:
i.
A local user database internal to NetDefendOS.
ii.
A
RADIUS server
which is external to the NetDefend Firewall.
iii.
An
LDAP Server
which is also external to the NetDefend Firewall.
•
Define an
Authentication Rule
which describes which traffic passing through the firewall is to
be authenticated and which
authentication source
will be used to perform the authentication.
These are described further in
Section 8.2.5, “Authentication Rules”
.
•
If required, define an IP object for the IP addresses of the clients that will be authenticated.
This can be associated directly with an authentication rule as the originator IP or can be
associated with an
Authentication Group
.
•
Set up IP rules to allow the authentication to take place and also to allow access to resources
by the clients belonging to the IP object set up in the previous step.
The sections that follow describe the components of these steps in detail. These are:
•
Section 8.2.2, “Local User Databases”
•
Section 8.2.3, “External RADIUS Servers”
•
Section 8.2.4, “External LDAP Servers”
•
Section 8.2.5, “Authentication Rules”
8.2.2. Local User Databases
A
Local User Database
is a registry internal to NetDefendOS which contains the profiles of
authorized users and user groups. Combinations of usernames/password can be entered into
these with passwords stored using reversible cryptography for security. By default, a single local
user database exists called
AdminUsers
. Extra databases can be created by the administrator as
required.
Example 8.1. Creating a Local User Database
This example shows how to create a new user database called
lan_users
.
Command-Line Interface
gw-world:/> add LocalUserDatabase lan_users
Chapter 8: User Authentication
610
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...