With this setup, when users that are not authenticated try to surf to any IP except
lan_ip
they will
fall through the rules and their packets will be dropped. To always have these users come to the
authentication page, a
SAT
rule and its associated
Allow
rule must be added. The rule set will now
look like this:
#
Action
Src Interface
Src Network
Dest Interface
Dest Network
Service
1
Allow
lan
lannet
core
lan_ip
http-all
2
NAT
lan
trusted_users
wan
all-nets
http-all
3
NAT
lan
lannet
wan
all-nets
dns-all
4
SAT
lan
lannet
wan
all-nets
all-to-one
127.0.0.1
http-all
5
Allow
lan
lannet
wan
all-nets
http-all
The
SAT
rule catches all unauthenticated requests and must be set up with an all-to-one address
mapping that directs them to the address
127.0.0.1
which corresponds to core (NetDefendOS
itself ).
Example 8.4. User Authentication Setup for Web Access
The configurations below shows how to enable HTTP user authentication for the user group
lan_group
on
lannet
. Only users that belong to the group
users
can get Web browsing service
after authentication, as it is defined in the IP rule.
It is assumed that the authentication IPv4 address object
lan_users_net
has been defined and this
has its
Groups
property set to
lan_group
. The group
lan_group
has been used as the
Groups
property of individual users in the
lan_users
database.
Web Interface
A. Set up an IP rule to allow HTTP authentication.
1.
Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2.
Now enter:
•
Name: http_auth
•
Action: Allow
•
Service: http-all
•
Source Interface: lan
•
Source Network: lannet
•
Destination Interface core
•
Destination Network lan_ip
3.
Click OK
B. Set up an Authentication Rule
1.
Go to: Policies > User Authentication > Authentication Rules > Add > User
Authentication Rule
Chapter 8: User Authentication
629
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...