Chapter 34 Anti-Spam
ZyWALL USG 50 User’s Guide
If the ZyWALL receives conflicting DNSBL replies for an e-mail routing IP address,
the ZyWALL classifies the e-mail as spam. Here is an example.
Figure 333   Conflicting DNSBL Replies Example
1   The ZyWALL receives an e-mail that was sent from IP address a.b.c.d and relayed
by an e-mail server at IP address w.x.y.z. The ZyWALL sends a separate query to
each of its DNSBL domains for IP address a.b.c.d. The ZyWALL sends another
separate query to each of its DNSBL domains for IP address w.x.y.z.
2   DNSBL A replies that IP address a.b.c.d does not match any entries in its list (not
spam).
3   While waiting for a DNSBL reply about IP address w.x.y.z, the ZyWALL receives a
reply from DNSBL B saying IP address a.b.c.d is in its list.
4   The ZyWALL immediately classifies the e-mail as spam and takes the action for
spam that you defined in the anti-spam policy. In this example it was an SMTP
mail and the defined action was to drop the mail. The ZyWALL does not wait for
any more DNSBL replies.
[Figure 333: the ZyWALL sends the queries "a.b.c.d?" and "w.x.y.z?" for the e-mail's IPs to DNSBL A, DNSBL B and DNSBL C (1), receives "a.b.c.d Not spam" (2) and "a.b.c.d Spam!" (3), and classifies the e-mail (4).]
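The first-listing-wins behaviour in steps 1 to 4, as an added Python sketch that is not ZyWALL code: the IP addresses, the `.example` zones, the reply delays and all function names are constructed for illustration, and the DNS is replaced by an in-memory table so the example runs offline. The query-name format (reversed IPv4 octets prepended to the list's zone) is the usual DNSBL convention, not something this guide specifies.

```python
import asyncio
import ipaddress

def dnsbl_qname(ip: str, zone: str) -> str:
    """DNSBL lookups use the IPv4 octets reversed, prepended to the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

# Constructed sample data: 192.0.2.10 plays a.b.c.d (sender), 198.51.100.7 plays
# w.x.y.z (relay); the zones are placeholders for DNSBL A, B and C.
IPS = ["192.0.2.10", "198.51.100.7"]
ZONES = ["dnsbl-a.example", "dnsbl-b.example", "dnsbl-c.example"]

# Stand-in for the DNS: query name -> (reply delay in seconds, listed?).
# Any query not named here answers "not listed" after 0.5 s.
SAMPLE_REPLIES = {
    dnsbl_qname("192.0.2.10", "dnsbl-a.example"): (0.01, False),  # step 2
    dnsbl_qname("192.0.2.10", "dnsbl-b.example"): (0.05, True),   # step 3
}

async def query(ip, zone, replies):
    """One separate query per (IP, DNSBL) pair, as in step 1."""
    delay, listed = replies.get(dnsbl_qname(ip, zone), (0.5, False))
    await asyncio.sleep(delay)
    return ip, zone, listed

async def classify(ips, zones, replies):
    """Return (verdict, replies seen); the first 'listed' reply decides."""
    tasks = [asyncio.create_task(query(ip, z, replies)) for ip in ips for z in zones]
    seen = []
    try:
        for next_reply in asyncio.as_completed(tasks):
            ip, zone, listed = await next_reply
            seen.append((ip, zone, listed))
            if listed:
                return "spam", seen      # step 4: do not wait for the rest
        return "not spam", seen          # every DNSBL answered "not listed"
    finally:
        for task in tasks:               # drop the queries still outstanding
            task.cancel()

if __name__ == "__main__":
    verdict, seen = asyncio.run(classify(IPS, ZONES, SAMPLE_REPLIES))
    print(verdict)
    for ip, zone, listed in seen:
        print(f"  {zone}: {ip} {'listed' if listed else 'not listed'}")
```

Because a single listing decides the verdict, every DNSBL domain you configure can cause mail to be dropped on its own, even when the other lists report the same address as clean.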
CHAPTER 35
User/Group
35.1 Overview
This chapter describes how to set up user accounts, user groups, and user settings
for the ZyWALL. You can also set up rules that control when users have to log in to
the ZyWALL before the ZyWALL routes traffic for them.
35.1.1 What You Can Do in this Chapter
• The User screen (see Section 35.2 on page 586) provides a summary of all user
accounts.
• The Group screen (see Section 35.3 on page 589) provides a summary of all
user groups. In addition, this screen allows you to add, edit, and remove user
groups. User groups may consist of access users and other user groups. You
cannot put admin users in user groups.
• The Setting screen (see Section 35.4 on page 591) controls default settings,
login settings, lockout settings, and other user settings for the ZyWALL. You can
also use this screen to specify when users must log in to the ZyWALL before it
routes traffic for them.
35.1.2 What You Need To Know
User Account
A user account defines the privileges of a user logged into the ZyWALL. User
accounts are used in firewall rules and application patrol, in addition to controlling
access to configuration and services in the ZyWALL.
User Types
These are the types of user accounts the ZyWALL uses.
Table 170   Types of User Accounts
TYPE | ABILITIES | LOGIN METHOD(S)
Admin Users
admin | Change ZyWALL configuration (web, CLI) | WWW, TELNET, SSH, FTP, Console
Note: The default admin account is always authenticated locally, regardless of the
authentication method setting. (See Chapter 39 on page 617 for more
information about authentication methods.)
Ext-User Accounts
Set up an ext-user account if the user is authenticated by an external server and
you want to set up specific policies for this user in the ZyWALL. If you do not want
to set up policies for this user, you do not have to set up an ext-user account.
All ext-user users should be authenticated by an external server, such as AD,
LDAP or RADIUS. If the ZyWALL tries to use the local database to authenticate an
ext-user, the authentication attempt always fails. (This is related to AAA servers
and authentication methods, which are discussed in Chapter 39 on page 617 and
Chapter 40 on page 627, respectively.)
Note: If the ZyWALL tries to authenticate an ext-user using the local database, the
attempt always fails.
Once an ext-user user has been authenticated, the ZyWALL tries to get the user
type (see Table 170 on page 583) from the external server. If the external server
does not have the information, the ZyWALL sets the user type for this session to
User.
For the rest of the user attributes, such as reauthentication time, the ZyWALL
checks the following places, in order.
1   User account in the remote server.
2   User account (Ext-User) in the ZyWALL.
3   Default user account for AD users (ad-users), LDAP users (ldap-users) or
RADIUS users (radius-users) in the ZyWALL.
Table 170   Types of User Accounts (continued)
TYPE | ABILITIES | LOGIN METHOD(S)
limited-admin | Look at ZyWALL configuration (web, CLI); Perform basic diagnostics (CLI) | WWW, TELNET, SSH, Console
Access Users
user | Access network services; Browse user-mode commands (CLI) | WWW, TELNET, SSH
guest | Access network services | WWW
ext-user | External user account | WWW
ext-group-user | External group user account | WWW
See Setting up User Attributes in an External Server on page 597 for a list of
attributes and how to set up the attributes in an external server.
Ext-Group-User Accounts
Ext-Group-User accounts work similarly to ext-user accounts but allow you to
group users by the value of the group membership attribute configured for the AD
or LDAP server. See Section 39.2.1 on page 621 for more on the group
membership attribute.
User Groups
User groups may consist of user accounts or other user groups. Use user groups
when you want to create the same rule for several user accounts, instead of
creating separate rules for each one.
Note: You cannot put access users and admin users in the same user group.
Note: You cannot put the default admin account into any user group.
The sequence of members in a user group is not important.
User Awareness
By default, users do not have to log into the ZyWALL to use the network services it
provides. The ZyWALL automatically routes packets for everyone. If you want to
restrict network services that certain users can use via the ZyWALL, you can
require them to log in to the ZyWALL first. The ZyWALL is then ‘aware’ of the user
who is logged in and you can create ‘user-aware policies’ that define what services
they can use. See Section 35.4.2 on page 596 for a user-aware login example.
Finding Out More
See Section 6.6.1 on page 106 for related information on these screens.
See Section 35.5 on page 597 for some information on users who use an
external authentication server in order to log in.
See Section 7.5 on page 122 for an example of configuring user accounts and
user groups as part of user-aware access control.
See Section 7.6 on page 131 for an example of how to use a RADIUS server to
authenticate user accounts based on groups.