The purpose of this is to restrict access to certain networks to a particular group by having IP rules
which will only apply to members of that group. To gain access to a resource there must be an IP
rule that allows it and the client must belong to the same group as the rule's Source Network group.
Granting Administration Privileges
When a user is defined, it can also be added to two default administration groups:
• The administrators group
Members of this group can log into NetDefendOS through the Web Interface as well as through
the remote CLI interface and are allowed to edit the NetDefendOS configuration.
• The auditors group
This is similar to the administrators group but members are only allowed to view the
configuration and cannot change it.
PPTP/L2TP Configuration
If a client is connecting to the NetDefend Firewall using PPTP/L2TP then the following three
options can also be specified for the local NetDefendOS user database:
• Static Client IP Address
This is the IP address which the client must have if it is to be authenticated. If it is not specified
then the user can have any IP. This option offers extra security for users with fixed IP addresses.
• Network behind user
If a network is specified for this user then when the user connects, a route is automatically added
to the NetDefendOS main routing table. The existence of this added route means that any traffic
destined for the specified network will be correctly routed through the user's PPTP/L2TP tunnel.
When the connection to the user ends, the route is automatically removed by NetDefendOS.
Caution: Use the network option with care
The administrator should think carefully about what the consequences of using this
option will be. For example, setting this option to all-nets will possibly direct all
Internet traffic through the tunnel to this user.
• Metric for Networks
If the Network behind user option is specified then this is the metric that will be used with the
route that is automatically added by NetDefendOS. If there are two routes which give a match
for the same network then this metric decides which should be used.
Note: Other authentication sources do not have the PPTP/L2TP option
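The effect of the Network behind user and Metric for Networks options can be checked before a user is enabled. The following is an added example, not part of the NetDefendOS documentation: it models a routing table and reports which destinations change path when each user connects. The routes, users, field names and probe addresses are constructed, and the selection order (narrowest matching network first, then lowest metric) is an assumption.

```python
import ipaddress

# Constructed main routing table before any PPTP/L2TP user connects.
BASE_ROUTES = [
    {"net": "0.0.0.0/0", "via": "wan", "metric": 100},  # all-nets
    {"net": "192.168.10.0/24", "via": "lan", "metric": 100},
]

# Constructed local user database entries; field names are illustrative.
USERS = [
    {"name": "branch1", "network": "10.20.0.0/24", "metric": 90},
    {"name": "roadwarrior", "network": "0.0.0.0/0", "metric": 50},
    {"name": "contractor", "network": "192.168.10.0/24", "metric": 10},
    {"name": "alice", "network": None, "metric": None},
]

# Constructed destinations used to probe the routing decision.
PROBES = ["203.0.113.7", "192.168.10.5", "10.20.0.9"]


def best_route(routes, dst):
    """Assumed selection: narrowest matching network, then lowest metric."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in ipaddress.ip_network(r["net"])]
    if not matches:
        return None
    # On an exact tie min() keeps the earlier route, so existing routes win.
    return min(matches, key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen, r["metric"]))


def rerouted_on_connect(user, base_routes=BASE_ROUTES, probes=PROBES):
    """Map each probe whose path changes when `user` connects to (old, new)."""
    if user["network"] is None:
        return {}
    tunnel = {"net": user["network"], "via": "tunnel:" + user["name"], "metric": user["metric"]}
    changes = {}
    for dst in probes:
        before = best_route(base_routes, dst)
        after = best_route(base_routes + [tunnel], dst)
        if after is tunnel:
            changes[dst] = (before["via"] if before else None, tunnel["via"])
    return changes


if __name__ == "__main__":
    for u in USERS:
        for dst, (old, new) in rerouted_on_connect(u).items():
            print(f"{u['name']}: {dst} moves from {old} to {new}")
```

In this constructed data the all-nets user with the lower metric takes over the default route, while the LAN route survives only because it is narrower; a user whose network equals the LAN with a lower metric takes over LAN traffic as well.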
Specifying an SSH Public Key
With PPTP/L2TP clients, using a key is often an alternative to specifying a username and password.
A private key can be specified for a local database user by selecting a previously uploaded
NetDefendOS SSH Client Key object.
8.2.2. The Local Database
Chapter 8. User Authentication