Chapter 24 Web Authentication
ZyWALL ATP Series User’s Guide
447
24.2.1 User-aware Access Control Example
You can configure many policies and security settings for specific users or groups of users. Users can be
authenticated locally by the Zyxel Device or by an external (RADIUS) authentication server.
In this example the users are authenticated by an external RADIUS server at 172.16.1.200. First, set up the
user accounts and user groups in the Zyxel Device. Then, set up user authentication using the RADIUS
server. Finally, set up the policies in the table above.
24.2.1.1 Set Up User Accounts
Set up user accounts in the RADIUS server. This example uses the Web Configurator. If you can export
user names from the RADIUS server to a text file, then you might configure a script to create the user
accounts instead.
1
Click
Configuration > Object > User/Group > User
. Click the
Add
icon.
2
Enter the same user name that is used in the RADIUS server, and set the
User Type
to
ext-user
because
this user account is authenticated by an external server. Click
OK
.
Authentication
Select the authentication requirement for users when their traffic matches this policy.
unnecessary
- Users do not need to be authenticated.
required
- Users need to be authenticated. If
Force User Authentication
is selected, all HTTP
traffic from unauthenticated users is redirected to a default or user-defined login page.
Otherwise, they must manually go to the login screen. The Zyxel Device will not redirect them to
the login screen.
Single Sign-on
This field is available for user-configured policies that require Single Sign-On (SSO). Select this to
have the Zyxel Device enable the SSO feature. You can set up this feature in the SSO screen.
Force User
Authentication
This field is available for user-configured policies that require authentication. Select this to have
the Zyxel Device automatically display the login screen when users who have not logged in yet
try to send HTTP traffic.
Authentication
Type
Select an authentication method.
default-web-portal
: the default login page built into the Zyxel Device.
default-user-agreement
: the default user agreement page built into the Zyxel Device.
OK
Click
OK
to save your changes back to the Zyxel Device.
Cancel
Click
Cancel
to exit this screen without saving.
Table 182 Configuration > Web Authentication > General > Add Authentication Policy (continued)
LABEL
DESCRIPTION