Page 56 / 120 Scroll up to view Page 51 - 55
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
4-10
Setting Up User and Group Access Policies
v1.1, November 2006
The most specific policy will take precedence over less specific policies. For example, a policy
that applies to only one IP address will have priority over a policy that applies to a range of IP
addresses. If two policies apply to a single IP address, then a policy for a specific service (for
example RDP) will take precedence over a policy that applies to all services.
To define group access policies:
1.
In the Group Policies section of the Group Settings menu, click Add Policy. An Add Policy
menu displays.
2.
From the Apply Policy To pull-down menu, select whether the policy will be applied to a
predefined network resource, an individual host, a range of addresses or all addresses.
3.
In the Policy Name field, define a name for the policy.
4.
Select the appropriate policy:
Note:
User policies take precedence over all group policies and group policies take
precedence over all global policies, regardless of the policy definition (A
user
policy that allows access to all IP addresses will take precedence over a
group
policy that denies access to a single IP address).
Figure 4-8
Note:
SSL VPN Concentrator policies apply to the destination address(es) of the SSL
VPN connection, not the source address. You cannot permit or block a specific
IP address on the Internet from authenticating to the SSL VPN Concentrator
through the policy engine. That type of policy would need to be defined by a
firewall rule.
Page 57 / 120
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
Setting Up User and Group Access Policies
4-11
v1.1, November 2006
If your policy applies to a predefined network resource, select the name of the resource
from the Defined Resource pull-down menu. For information about creating network
resources, refer to
“Using Network Resource Objects to Simplify Policies” on page 4-20
.
If your policy applies to a specific host, enter the IP address of the local host machine in
the IP Address field.
If your policy applies to a network, enter the network address and subnet bit mask (0-32)
in the Network and Subnet Mask fields.
5.
In the
Service
pull-down menu, select the service type. If you are applying a policy to a
network resource, the service type is defined in the Defined Resource field. .
6.
From the Status pull-down menu, select PERMIT or DENY to either permit or deny SSL VPN
connections for the specified service and host machine.
7.
Click Apply to update the configuration. Once the configuration has been updated, the new
group policy appears in the table in the Edit Group Settings menu.
The group policies in the Group Policies table are ranked by the order of priority, from the
highest priority policy to the lowest priority policy.
Defining and Editing Group Bookmarks
SSL VPN Concentrator bookmarks provide a convenient way for SSL VPN users to access
computers on the local area network that they will connect to frequently. Group bookmarks will
apply to all members of the specific group. When group bookmarks are defined, all group
members will see the defined bookmarks from the SSL VPN portal. Individual users will not be
able to delete or modify group bookmarks.
To define group bookmarks:
1.
In the Group Bookmarks section of the Group Settings menu, click Add Bookmark. An Add
Bookmark menu displays.
When group bookmarks are defined, all group members will see the defined bookmarks from
the SSL VPN Portal. Individual group members will not be able to delete or modify group
bookmarks.
Note:
Network Resources are configured in Network Resources
under the Access
Administration menu on the left navigation pane.
Page 58 / 120
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
4-12
Setting Up User and Group Access Policies
v1.1, November 2006
.
2.
In the Bookmark Name field, enter a descriptive name.
3.
In the Name or IP Address field, enter the domain name or the IP address of a host machine on
the LAN.
4.
From the Service pull-down menu, select the service type.
5.
If Terminal Services (RDP5) is selected, select the screen size that the bookmark will use from
the Screen Size drop-down menu.)
6.
Click Apply to update the configuration. Once the configuration has been updated, the new
group bookmark will be displayed on the Group Settings window. in the Group Bookmarks
table.
Deleting a Group
To delete a group that is the default group for an authentication domain, delete the corresponding
domain (you cannot delete the group in the Group Settings menu).
If a group is not the default group for an authentication domain, first delete all users in the group.
Then you can delete the group on the Group Settings page using the following steps.
To delete a group:
1.
Click the name of the group that you wish to remove from the Groups table. The Group
Settings menu displays.
Figure 4-9
Page 59 / 120
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
Setting Up User and Group Access Policies
4-13
v1.1, November 2006
2.
In the Group Settings window, click Delete Group. The Users and Groups menu displays and
the deleted group no longer appears in the list of defined groups.
You can also delete a group by clicking its Delete
link..
Note:
A group cannot be deleted if
users
have been added to the group or if the group
is the default group created for an authentication domain.
Note:
The default group “geardomain” cannot be deleted.
Page 60 / 120
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
4-14
Setting Up User and Group Access Policies
v1.1, November 2006
Users Configuration
SSL VPN Concentrator users are defined from the Users and Groups menu. Under the Access and
Administration menu in the left navigation pane, select the Users and Groups option. The Users
and Groups menu displays.
Adding a New User
To create a new user:
Figure 4-10

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top