NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

Setting Up User and Group Access Policies

4-15

v1.1, November 2006

1.

In the Users and Groups menu, click Add User. An Add User menu displays.

2.

In the User Name field, enter the user name for the user. This is the name the user will enter in

order to log into the SSL VPN portal.

3.

From the Group pull-down menu, select the name of the group to which the user belongs.

4.

Click Apply.

If the selected group is in a domain that uses external authentication, such as Active Directory,

RADIUS, NT Domain or LDAP, then the Add User menu will close and the new user will be

added to the Users and Groups table.

It is only necessary to enter RADIUS, LDAP, NT and Active Directory user names if you wish

to define specific policies or bookmarks per user. If users are

not

defined in the SSL VPN

Concentrator, then global policies and bookmarks will apply to users authenticating to an

external authentication server.

Figure 4-11

Note:

Groups configured to use Radius, LDAP, NT Domain or Active Directory

authentication do not require passwords because the external authentication

server will validate user names and passwords.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

4-16

Setting Up User and Group Access Policies

v1.1, November 2006

If the selected group is in a domain that uses internal database authentication, such as the

default “geardomain” domain, then the following window displays:

5.

In the Password field, enter the user’s password.

6.

In the Confirm Password field, re-enter the password.

7.

From the User Type pull-down menu, select the user type (either User or Administrator).

8.

Click Apply to update the configuration. Once the user has been added, the new user appears

in the table in the Users and Groups menu.

Editing a User

To edit a user:

1.

In the Users table in the Users and Groups menu, click the name of the user. The User Settings

menu displays as shown in

Figure 4-13

.

•

The Edit User Settings section shows the User Name, Group Name, and Domain Name.

These fields are not configurable. To modify information supplied in these fields, remove

the user by clicking Delete User and then recreate the user with the correct information.

•

If the user authenticates to an external authentication server, then the User Type and

Password fields are not shown. The password fields are not configurable because the

authentication server will validate the password. The user type is not configurable because

the SSL VPN Concentrator only allows users who authenticate to the internal user

database to have administrative privileges.

Figure 4-12

Note:

Both the user name and password are case-sensitive.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

Setting Up User and Group Access Policies

4-17

v1.1, November 2006

.

2.

To modify the user password, enter the new user password in the Password field.

3.

In the Confirm Password field, enter the new password again.

4.

Click Apply to update the configuration

To change the user inactivity timeout:

1.

In the Inactivity Timeout field, enter the number of minutes of inactivity to allow.

2.

Click Apply to save the configuration changes.

Figure 4-13

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

4-18

Setting Up User and Group Access Policies

v1.1, November 2006

Defining and Editing User Policies

To define user access policies:

1.

In the Edit User Settings menu, click Add Policy. An Add Policy menu displays.

2.

In the Apply Policy To pull-down menu, select whether the policy will be applied to a

predefined network resource, an individual host, a network or all addresses.

3.

In the Policy Name field, enter a name for the policy.

•

If your policy applies to a predefined network resource, select the name of the resource

from the Defined Resource menu. For information about creating network resources, refer

to

“Using Network Resource Objects to Simplify Policies” on page 4-20

.

•

If your policy applies to a specific host, enter the IP address of the local host machine in

the IP Address field.

•

If your policy applies to a network, enter the network address in the Network Address

field and the subnet mask in the Subnet Mask field.

4.

From the Service pull-down menu, select the service type. If you are applying a policy to a

network resource, the service type is defined in the network resource.

5.

From the Status pull-down menu, select PERMIT or DENY to either permit or deny SSL VPN

connections for the specified service and host machine.

Figure 4-14

Note:

SSL VPN Concentrator policies apply to the destination address(es) of the SSL

VPN connection, not the source address. You cannot permit or block a specific

IP address on the Internet from authenticating to the SSL VPN Concentrator

through the policy engine.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

Setting Up User and Group Access Policies

4-19

v1.1, November 2006

6.

Click Apply to update the configuration. Once the configuration has been updated, the new

policy appears in the Edit User Settings menu.

The user policies will be displayed in the Edit Users Settings screen in the User Policies table

in the order of priority, from the highest priority policy to the lowest priority policy.

Defining and Editing a User Bookmarks

To define user bookmarks:

1.

In the Edit User Settings menu, click Add Bookmark. An Add Bookmark menu displays.

When user bookmarks are defined, the user will see the defined bookmarks from the SSL VPN

portal. Individual user members will not be able to delete or modify bookmarks created by the

administrator.

2.

In the Bookmark Name field, enter a descriptive name.

3.

In the Name or IP Address field, enter the domain name or the IP address of a host machine on

the LAN.

4.

From the Service pull-down menu, select the service type.

5.

If Terminal Services (RDP5) is selected, select the screen size that the bookmark will use from

the Screen Size drop-down menu.)

6.

Click Apply to update the configuration. Once the configuration has been updated, the new

user bookmark appears in the User Bookmarks table in the Edit User Settings menu.

Figure 4-15