Users
User Authentication allows an administrator to grant or reject access to specific users from
specific IP addresses, based on their user credentials.
Before any traffic is allowed to pass through any policies configured with usernames or
groups, the user must first authenticate. The DFL-1100 can either verify the user against a
local database or pass the user information along to an external authentication server, which
verifies the user and the given password and transmits the result back to the firewall. If the
authentication is successful, the DFL-1100 will remember the source IP address of this user,
and any matching policies with usernames or groups configured will be allowed.
Specific policies that deal with user authentication can be defined, thus leaving policies that
do not require user authentication unaffected.
The DFL-1100 supports the RADIUS (Remote Authentication Dial In User Service)
authentication protocol. This protocol is heavily used in many scenarios where user
authentication is required, either by itself or as a front-end to other authentication services.
The DFL-1100 RADIUS Support
The DFL-1100 can use RADIUS to verify users against, for example, Active Directory or a
Unix password file. It is possible to configure up to two servers; if the first one is down,
the firewall will try the second IP instead.
The DFL-1100 can use CHAP or PAP when communicating with the RADIUS server.
CHAP (Challenge Handshake Authentication Protocol) does not allow a remote attacker to
extract the user password from an intercepted RADIUS packet. However, the password must
be stored in plaintext on the RADIUS server.
PAP (Password Authentication Protocol) might be defined as the less secure of the two. If a
RADIUS packet is intercepted while being transmitted between the firewall and the RADIUS
server, the user password can be extracted, given time. The upside to this is that the
password does not have to be stored in plaintext on the RADIUS server.
The DFL-1100 uses a shared secret when connecting to the RADIUS server. The shared
secret enables basic encryption of the user password when the RADIUS-packet is transmitted
from the firewall to the RADIUS server. The shared secret is case sensitive, can contain up to
100 characters, and must be typed exactly the same on both the firewall and the RADIUS
server.
Enable User Authentication via HTTP / HTTPS
Follow these steps to enable User Authentication.
Step 1. Enable the checkbox for User Authentication.
Step 2. Specify if HTTP and HTTPS or only HTTPS should be used for the login.
Step 3. Specify the idle-timeout, the time a user can be idle before being logged out by the
firewall.
Step 4. Choose new ports for the management WebUI to listen on, as user authentication
will use the ports that the management WebUI is currently using.
Click the Apply button below to apply the setting or click Cancel to discard changes.
Enable RADIUS Support
Follow these steps to enable RADIUS support.
Step 1. Enable the checkbox for RADIUS Support.
Step 2. Fill in up to two RADIUS servers.
Step 3. Specify which mode to use, PAP or CHAP.
Step 4. Specify the shared secret for this connection.
Click the Apply button below to apply the setting or click Cancel to discard changes.
Add User
Follow these steps to add a new user.
Step 1. Click on add after the type of user you would like to add, Admin or Read-only.
Step 2. Fill in User name; make sure you are not trying to add one that already exists.
Step 3. Specify what groups the user should be a member of.
Step 4. Specify the password for the new user.
Click the Apply button below to apply the setting or click Cancel to discard changes.
Note: The user name and password should be at least six characters long. The user
name and password can contain numbers (0-9) and upper and lower case letters (A-Z, a-z).
Special characters and spaces are not allowed.
Change User Password
To change the password of a user, click on the user name and you will see the following
screen.
Follow these steps to change a user's password.
Step 1. Click on the user you would like to change level of.
Step 2. Enable the Change password checkbox.
Step 3. Enter the new password twice.
Click the Apply button below to apply the setting or click Cancel to discard changes.
Note: The password should be at least six characters long. The password can contain
numbers (0-9) and upper and lower case letters (A-Z, a-z). Special characters and spaces
are not allowed.
Delete User
To delete a user, click on the user name and you will see the following screen.
Follow these steps to delete a user.
Step 1. Click on the user you would like to change level of.
Step 2. Enable the Delete user checkbox.
Click the Apply button below to apply the setting or click Cancel to discard changes.
Note: Deleting a user is irreversible; once the user is deleted, it cannot be undeleted.
Schedules
It is possible to configure a schedule for policies to take effect. When a schedule is
created, the DFL-1100 applies the firewall policies at the designated times only. Any
activity outside of the scheduled time slot will not follow the policies and will therefore
likely not be permitted to pass through the firewall. A schedule on the DFL-1100 can be
configured with a start time and a stop time, as well as 2 different time periods in a day.
For example, an organization may only want the firewall to allow the internal network users
to access the Internet during work hours. Therefore, one may create a schedule so that the
firewall allows traffic Monday-Friday, 8AM-5PM only. During the non-work hours, the firewall
will not allow Internet access.
Add new recurring schedule
Follow these steps to add a new recurring schedule.
Step 1. Go to Firewall and Schedules and choose Add new.
Step 2. Choose the starting and ending date and hour when the schedule should be active.
Step 3. Use the checkboxes to set the times this schedule should be active. If all boxes
are checked, the schedule will be active all the time from the starting to the ending date.
If all boxes are unchecked, the schedule will never trigger.
Click the Apply button below to apply the change or click Cancel to discard changes.
