The maximum time that a connection can exist (no value is specified by default).
If an authentication server is being used then the option to Use timeouts received from the
authentication server can be enabled to have these values set from the server.
Multiple Logins
An Authentication Rule can specify how multiple logins are handled where more than one user from
different source IP addresses try to login with the same username. The possible options are:
•
Allow multiple logins so that more than one client can use the same username/password
combination.
•
Allow only one login per username.
•
Allow one login per username and logout an existing user with the same name if they have been
idle for a specific length of time when the new login occurs.
8.2.6. Authentication Processing
The list below describes the processing flow through NetDefendOS for username/password
authentication:
1.
A user creates a new connection to the NetDefend Firewall.
2.
NetDefendOS sees the new user connection on an interface and checks the Authentication rule
set to see if there is a matching rule for traffic on this interface, coming from this network and
data which is one of the following types:
•
HTTP traffic
•
HTTPS traffic
•
IPsec tunnel traffic
•
L2TP tunnel traffic
•
PPTP tunnel traffic
3.
If no rule matches, the connection is allowed, provided the IP rule set permits it, and nothing
further happens in the authentication process.
4.
Based on the settings of the first matching authentication rule, NetDefendOS prompts the user
with an authentication request.
5.
The user replies by entering their identification information which is usually a
username/password pair.
6.
NetDefendOS validates the information against the Authentication Source specified in the
authentication rule. This will be either a local NetDefendOS database, an external RADIUS
database server or an external LDAP server.
7.
NetDefendOS then allows further traffic through this connection as long as authentication was
successful and the service requested is allowed by a rule in the IP rule set. That rule's Source
Network object has either the No Defined Credentials option enabled or alternatively it is
associated with a group and the user is also a member of that group.
8.
If a timeout restriction is specified in the authentication rule then the authenticated user will be
automatically logged out after that length of time without activity.
8.2.6. Authentication Processing
Chapter 8. User Authentication
374
Summary of Contents for NetDefend DFL-260E
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382...
Page 386: ...The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533...