NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
Setting Up User and Group Access Policies
4-5
v1.1, November 2006
2. From the Apply Policy To pull-down menu, select whether the policy will be applied to a predefined network resource, an individual host, a network, or all addresses.
3. In the Policy Name field, enter a name for the policy.
   If your policy applies to a predefined network resource, select the name of the resource from the Defined Resource menu. For information about creating network resources, refer to “Using Network Resource Objects to Simplify Policies” on page 4-20.
   If your policy applies to a specific host, enter the IP address of the local host machine in the IP Address field.
   If your policy applies to a network, enter the network address in the Network Address field and the subnet mask in the Subnet Mask field.
4. From the Service pull-down menu, select the service type. If you are applying a policy to a network resource, the service type is defined in the network resource.
5. From the Status pull-down menu, select PERMIT or DENY to either permit or deny SSL VPN connections for the specified service and host machine.
6. Click Apply to update the configuration. Once the configuration has been updated, the new policy appears in the Global Policies table on the Global Settings screen.
   The Global Policies will be displayed in the order of priority, from the highest priority policy to the lowest priority policy.
Figure 4-3
Note: SSL VPN Concentrator policies apply to the destination address(es) of the SSL VPN connection, not the source address. You cannot permit or block a specific IP address on the Internet from authenticating to the SSL VPN Concentrator through the policy engine.
Defining and Editing Global Bookmarks
To define global bookmarks:
1. In the Global Bookmarks section, click Add Bookmark. An Add Bookmark window displays.
   When global bookmarks are defined, all members will see the defined bookmarks from the SSL VPN portal. Individual users will not be able to delete or modify global bookmarks.
2. In the Bookmark Name field, enter a descriptive name.
3. In the Name or IP Address field, enter the domain name or the IP address of a host machine on the LAN.
4. From the Service pull-down menu, select the service type.
5. If Terminal Services (RDP5) is selected, select the screen size that the bookmark will use from the Screen Size drop-down menu.
6. Click Apply to update the configuration. Once the configuration has been updated, the new global bookmark appears in the Global Bookmarks table on the Global Settings screen.
Groups Configuration
When configuring Groups, remember that user policies take precedence over all group policies and group policies take precedence over all global policies, regardless of the policy definition. (A user policy that allows access to all IP addresses will take precedence over a group policy that denies access to a single IP address.)
Figure 4-4
SSL VPN Concentrator Groups are also defined from the Users and Groups menu. Under the Access and Administration menu in the left navigation pane, select the Users and Groups option. The Users and Groups menu displays.
Adding a New Group
To create a new group:
1. In the Users and Groups menu, click Add Group. The Add Group menu displays.
Figure 4-5
2. In the Group Name field, enter a descriptive name for the group.
3. In the Domain menu, select the appropriate domain. The domain will determine the authentication method for the group.
4. Click Apply to update the configuration. Once the group has been added, the new group appears in the Groups table on the Users and Groups menu.
   All of the configured groups are displayed in the table in the Users and Groups menu. The Groups are listed in alphabetical order.
Editing Group Settings
To edit group settings:
1. In the Groups table, click the name of the group. The Edit Group Settings menu displays. The general group information, including the Group Name, Domain Name, and Inactivity Timeout, is displayed. The Group Name and Domain Name are not configurable.
2. In the Inactivity Timeout field, enter the number of minutes of inactivity to allow for users in the group.
3. Click Apply to save the configuration changes.
Figure 4-6
You can set the inactivity timeout at the user, group and global level. Set the timeout as 0 in the
user and group configuration to use the global timeout setting. If multiple timeout settings are
configured, the user timeout setting will take precedence over the group timeout and the group
timeout will take precedence over the global timeout.
The maximum timeout setting is 2^32 or over 100,000 minutes, although setting the timeout to 0 on the Global Settings page disables the inactivity timeout (if 0 is also configured as the inactivity timeout for the user and group).
Defining and Editing Group Policies
With group access policies, all traffic is allowed by default. You can create additional allow and
deny policies by destination address or address range and by service type.
Figure 4-7
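The following is an added sketch, not NETGEAR code, that models the user > group > global precedence described under Groups Configuration and the inactivity-timeout inheritance, so an administrator can see which tier decides a connection and which lower-tier DENY rules a broader PERMIT covers. The tuple layout, the "any" wildcard, first-match ordering inside a tier and fall-through to the next tier when nothing matches are assumptions; the manual states only the tier order, the 0-means-inherit rule and the default allow.

```python
import ipaddress

TIERS = ("user", "group", "global")  # precedence order stated in the manual

def decide(policies, dest_ip, service):
    """Return (action, deciding tier) for a connection to dest_ip/service.
    Policies match the destination address only, never the source.
    Assumed model: each tier lists (network, service, action) in priority
    order; "any" is a constructed wildcard, not the device's notation."""
    dest = ipaddress.ip_address(dest_ip)
    for tier in TIERS:
        for network, svc, action in policies.get(tier, []):
            if dest in ipaddress.ip_network(network) and svc in ("any", service):
                return action, tier
    return "PERMIT", "default"  # the manual: all traffic is allowed by default

def shadowed_denies(policies):
    """Lower-tier DENY rules whose whole range a higher-tier PERMIT covers."""
    found = []
    for i, low in enumerate(TIERS):
        for net, svc, action in policies.get(low, []):
            if action != "DENY":
                continue
            for high in TIERS[:i]:
                for hnet, hsvc, haction in policies.get(high, []):
                    covers = ipaddress.ip_network(net).subnet_of(
                        ipaddress.ip_network(hnet))
                    if haction == "PERMIT" and hsvc in ("any", svc) and covers:
                        found.append((low, net, high, hnet))
    return found

def effective_timeout(user, group, global_):
    """Minutes of inactivity allowed; None means the timeout is disabled.
    0 at user or group level inherits; 0 at every level disables."""
    return next((v for v in (user, group, global_) if v), None)

# Constructed sample: a group blocks one host, the user policy permits all.
SAMPLE = {
    "user": [("0.0.0.0/0", "any", "PERMIT")],
    "group": [("192.168.1.10/32", "any", "DENY")],
    "global": [("192.168.1.0/24", "rdp", "DENY")],
}

if __name__ == "__main__":
    print(decide(SAMPLE, "192.168.1.10", "rdp"))
    print(shadowed_denies(SAMPLE))
    print(effective_timeout(0, 30, 10), effective_timeout(0, 0, 0))
```

Running `shadowed_denies` over an exported policy list before adding a broad user-level PERMIT shows which group and global restrictions that user would no longer be subject to.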