Manage Users, Authentication, and VPN Certificates
291
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Table 71. Add Domain screen settings (continued)

Setting: Authentication Type (continued)
Description:
Note: If you select any type of RADIUS authentication, make sure that one or more RADIUS servers are configured (see RADIUS Client and Server Configuration on page 235).
Radius-CHAP. RADIUS Challenge Handshake Authentication Protocol (CHAP). Complete the following fields:
- Authentication Server
- Authentication Secret
Radius-MSCHAP. RADIUS Microsoft CHAP. Complete the following fields:
- Authentication Server
- Authentication Secret
Radius-MSCHAPv2. RADIUS Microsoft CHAP version 2. Complete the following fields:
- Authentication Server
- Authentication Secret
WIKID-PAP. WiKID Systems PAP. Complete the following fields:
- Authentication Server
- Authentication Secret
WIKID-CHAP. WiKID Systems CHAP. Complete the following fields:
- Authentication Server
- Authentication Secret
MIAS-PAP. Microsoft Internet Authentication Service (MIAS) PAP. Complete the following fields:
- Authentication Server
- Authentication Secret
MIAS-CHAP. Microsoft Internet Authentication Service (MIAS) CHAP. Complete the following fields:
- Authentication Server
- Authentication Secret
NT Domain. Microsoft Windows NT Domain. Complete the following fields:
- Authentication Server
- Workgroup
Active Directory. Microsoft Active Directory. Complete the following fields, and make a selection from the LDAP Encryption drop-down list:
- Authentication Server
- Active Directory Domain
LDAP. Lightweight Directory Access Protocol (LDAP). Complete the following fields, and make a selection from the LDAP Encryption drop-down list:
- Authentication Server
- LDAP Base DN

Setting: Select Portal
Description: The portal that is assigned to this domain and that is presented to the user to enter credentials. The default portal is SSL-VPN.

Setting: Authentication Server
Description: The server IP address or server name of the authentication server for any type of authentication other than authentication through the local user database.

Setting: Authentication Secret
Description: The authentication secret or password that is required to access the authentication server for RADIUS, WiKID, or MIAS authentication.

Setting: Workgroup
Description: The workgroup that is required for Microsoft NT Domain authentication.
Setting: LDAP Base DN
Description: The LDAP distinguished name (DN) that is required to access the LDAP authentication server. This should be a user in the LDAP directory who has read access to all the users that you would like to import into the wireless VPN firewall. The Bind DN field accepts two formats:
- A display name in the DN format. For example: cn=Jamie Hanson,cn=users,dc=test,dc=com.
- A Windows login account name in email format. For example: [email protected]. This last type of bind DN can be used only for a Windows LDAP server.

Setting: Active Directory Domain
Description: The Active Directory domain name that is required for Microsoft Active Directory authentication.

4. Click Apply to save your settings. The domain is added to the List of Domains table.
5. If you use local authentication, make sure that it is not disabled: in the Local Authentication section of the Domain screen (see Figure 176 on page 289), select the No radio button.

Note: A combination of local and external authentication is supported.

WARNING: If you disable local authentication, make sure that there is at least one external administrative user; otherwise, access to the wireless VPN firewall is blocked.

6. If you do change local authentication, click Apply in the Domain screen to save your settings.

To delete one or more domains:
1. In the List of Domains table, select the check box to the left of each domain that you want to delete, or click the Select All table button to select all domains.
2. Click the Delete table button.

Note: You cannot delete the geardomain default domain.
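What the Authentication Secret in Table 71 does on the wire for the RADIUS PAP and CHAP cases, following RFC 2865. This is an added example, not NETGEAR code; the function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac

def hide_pap_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding for PAP-type logins (RFC 2865, section 5.2)."""
    if not 1 <= len(password) <= 128 or len(request_auth) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()  # keyed only by the shared secret
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden

def unhide_pap_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """What the RADIUS server does with its copy of the shared secret."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")

def chap_password(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-Password value (RFC 2865, section 5.3): the password itself is never sent."""
    return bytes([chap_id]) + hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def sign_reply(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """Server side: build a reply with its Response Authenticator (RFC 2865, section 3)."""
    header = bytes([code, ident]) + (20 + len(attrs)).to_bytes(2, "big")
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: accept a reply only if it was signed with the same secret."""
    if len(reply) < 20 or int.from_bytes(reply[2:4], "big") != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    secret, wrong = b"constructed-shared-secret", b"typo-in-secret"
    req_auth = bytes(range(16))
    hidden = hide_pap_password(b"example-user-password", secret, req_auth)
    print(len(hidden), unhide_pap_password(hidden, secret, req_auth))
    accept = sign_reply(2, 7, b"", req_auth, secret)  # code 2 = Access-Accept
    print(reply_is_authentic(accept, req_auth, secret),
          reply_is_authentic(accept, req_auth, wrong))
```

With a PAP type, the confidentiality of the user password between firewall and server rests entirely on this secret, so it should be long and random; a secret that differs between the two sides makes every reply fail the authenticator check.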
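A pre-check for the two Bind DN formats listed in the LDAP Base DN row of Table 71, for validating a value before it is entered. This is an added example, not NETGEAR code; the function names and the email-format sample are assumptions, and multi-valued RDNs (joined with +) are not handled.

```python
import re

UPN_RE = re.compile(r"[^@\s,=\\]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)+")  # short name or numeric OID

def split_unescaped(text: str, sep: str) -> list:
    """Split on sep, skipping separators escaped with a backslash (RFC 4514)."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    return parts + [cur]

def unescape(value: str) -> str:
    """Decode backslash + character and backslash + two hex digits."""
    raw = re.sub(rb"\\([0-9A-Fa-f]{2}|.)",
                 lambda m: bytes([int(m[1], 16)]) if len(m[1]) == 2 else m[1],
                 value.encode("utf-8"))
    return raw.decode("utf-8")

def parse_dn(dn: str) -> list:
    """Return [(attribute, value), ...] or raise ValueError for a malformed DN."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        attr, eq, value = rdn.partition("=")
        if not eq or not ATTR_RE.fullmatch(attr.strip()) or not value:
            raise ValueError(f"not an attribute=value pair: {rdn!r}")
        rdns.append((attr.strip().lower(), unescape(value)))
    return rdns

def classify_bind_dn(value: str, windows_ldap_server: bool) -> str:
    """Return 'dn' or 'email'; reject values matching neither format in the table."""
    value = value.strip()
    if UPN_RE.fullmatch(value):
        if not windows_ldap_server:
            raise ValueError("email-format bind DN requires a Windows LDAP server")
        return "email"
    parse_dn(value)  # raises ValueError if the value is not a well-formed DN
    return "dn"

if __name__ == "__main__":
    print(parse_dn("cn=Jamie Hanson,cn=users,dc=test,dc=com"))  # example from the table
    print(classify_bind_dn("jhanson@test.com", True))           # constructed sample
```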
Edit Domains
To edit a domain:
1. Select Users > Domains. The Domains screen displays (see Figure 176 on page 289).
2. In the Action column of the List of Domains table, click the Edit table button for the domain that you want to edit. The Edit Domains screen displays. This screen is very similar to the Add Domains screen (see the previous figure).
3. Modify the settings as explained in the previous table. (You cannot modify the Domain Name and Authentication Type fields.)
4. Click Apply to save your changes. The modified domain is displayed in the List of Domains table.

Note: You cannot edit the geardomain default domain.
Configure Groups
The use of groups simplifies the configuration of VPN policies when different sets of users
have different restrictions and access controls. It also simplifies the configuration of web
access exception rules. Like the default domain of the wireless VPN firewall, the default
group is also named geardomain. The default group geardomain is assigned to the default
domain geardomain. You cannot delete the default domain geardomain, nor its associated
default group geardomain.
IMPORTANT: When you create a new domain on the Domains screen (see the previous section), a group with the same name as the new domain is created automatically. You cannot delete such a group. However, when you delete the domain with which it is associated, the group is deleted automatically.

Note: IPSec VPN users always belong to the default domain (geardomain) and are not assigned to groups.

Note: Groups that are defined on the Groups screen are used for setting SSL VPN policies. These groups should not be confused with LAN groups that are defined on the IPv4 LAN Groups screen and that are used to simplify firewall policies. For information about LAN groups, see Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on page 64.
Create Groups
To create a VPN group:
1. Select Users > Groups. The Groups screen displays. (The following figure shows the wireless VPN firewall’s default group—geardomain—and, as an example, several other groups in the List of Groups table.)

Figure 178.

The List of Groups table displays the VPN groups with the following fields:
- Check box. Allows you to select the group in the table.
- Name. The name of the group. The name of the default group (geardomain) that is assigned to the default domain (also geardomain) is appended by an asterisk.
  Note: When you create a new domain on the Domains screen, a group with the same name as the new domain is created automatically. You cannot delete such a group on the Groups screen. However, when you delete the domain with which the group is associated, the group is deleted automatically.
- Domain. The name of the domain to which the group is assigned.
- Action. The Edit table button, which provides access to the Edit Group screen.
2. Under the List of Groups table, click the Add table button. The Add Group screen displays:
Figure 179.

3. Complete the settings as explained in the following table:

Table 72. Add Group screen settings

Setting: Name
Description: A descriptive (alphanumeric) name of the group for identification and management purposes.

Setting: Domain
Description: The drop-down list shows the domains that are listed on the Domain screen. From the drop-down list, select the domain with which the group is associated. For information about how to configure domains, see Configure Domains on page 289.

Setting: Idle Timeout
Description: The period after which an idle user is automatically logged out of the wireless VPN firewall’s web management interface. The default idle time-out period is 10 minutes.

4. Click Apply to save your changes. The new group is added to the List of Groups table.

To delete one or more groups:
1. In the List of Groups table, select the check box to the left of each group that you want to delete, or click the Select All table button to select all groups.
2. Click the Delete table button.

Note: You can delete only groups that you created on the Groups screen. Groups that were automatically created when you created a domain cannot be deleted on the Groups screen. See the Important note at the beginning of this section.

Edit Groups
For groups that were automatically created when you created a domain, you can modify only the idle time-out settings but not the group name or associated domain.
For groups that you created on the Add Groups screen, you can modify the domain and the idle time-out settings but not the group name.
