Zyxel ZyWALL-USG50 Router Manual PDF (Setup & Configuration Guide)

Page 596 / 944 Scroll up to view Page 591 - 595

Chapter 35 User/Group

ZyWALL USG 50 User’s Guide

596

35.4.2

User Aware Login Example

Access users cannot use the Web Configurator to browse the configuration of the

ZyWALL. Instead, after access users log into the ZyWALL, the following screen

appears.

Figure 340

Web Configurator for Non-Admin Users

The following table describes the labels in this screen.

Table 177

Web Configurator for Non-Admin Users

LABEL

DESCRIPTION

User-defined

lease time

(max ...

minutes)

Access users can specify a lease time shorter than or equal to the one

that you specified. The default value is the lease time that you specified.

Renew

Access users can click this button to reset the lease time, the amount of

time remaining before the ZyWALL automatically logs them out. The

ZyWALL sets this amount of time according to the

•

User-defined lease time

field in this screen

•

Lease time

field in the

User Add/Edit

screen (see

Section 35.2.1

on page 586

)

•

Lease time

field in the

Setting

screen (see

Section 35.4 on page

591

)

Updating lease

time

automatically

This box appears if you checked the

Allow renewing lease time

automatically

box in the

Setting

screen. (See

Section 35.4 on page

591

.) Access users can select this check box to reset the lease time

automatically 30 seconds before it expires. Otherwise, access users have

to click the

Renew

button to reset the lease time.

Remaining

time before

lease timeout

This field displays the amount of lease time that remains, though the

user might be able to reset it.

Remaining

time before

auth. timeout

This field displays the amount of time that remains before the ZyWALL

automatically logs the access user out, regardless of the lease time.

Page 597 / 944

Chapter 35 User/Group

ZyWALL USG 50 User’s Guide

597

35.5

User /Group Technical Reference

This section provides some information on users who use an external

authentication server in order to log in.

Setting up User Attributes in an External Server

To set up user attributes, such as reauthentication time, in LDAP or RADIUS

servers, use the following keywords in the user configuration file.

The following examples show you how you might set up user attributes in LDAP

and RADIUS servers.

Creating a Large Number of Ext-User Accounts

If you plan to create a large number of

Ext-User

accounts, you might use CLI

commands, instead of the Web Configurator, to create the accounts. Extract the

user names from the LDAP or RADIUS server, and create a shell script that creates

the user accounts. See

Chapter 47 on page 737

for more information about shell

scripts.

Table 178

LDAP/RADIUS: Keywords for User Attributes

KEYWORD

CORRESPONDING ATTRIBUTE IN WEB CONFIGURATOR

type

User Type

. Possible Values: admin, limited-admin, user, guest.

leaseTime

Lease Time

. Possible Values: 1-1440 (minutes).

reauthTime

Reauthentication Time

. Possible Values: 1-1440 (minutes).

Figure 341

LDAP Example: Keywords for User Attributes

type: admin

leaseTime: 99

reauthTime: 199

Figure 342

RADIUS Example: Keywords for User Attributes

type=user;leaseTime=222;reauthTime=222

Page 598 / 944

Chapter 35 User/Group

ZyWALL USG 50 User’s Guide

598

Page 599 / 944

ZyWALL USG 50 User’s Guide

599

C

HAPTER

36

Addresses

36.1

Overview

Address objects can represent a single IP address or a range of IP addresses.

Address groups are composed of address objects and other address groups.

36.1.1

What You Can Do in this Chapter

• The

Address

screen (

Section 36.2 on page 599

) provides a summary of all

addresses in the ZyWALL. Use the

Address Add/Edit

screen to create a new

address or edit an existing one.

•

Use the

Address Group

summary screen (

Section 36.3 on page 602

) and the

Address Group Add/Edit

screen, to maintain address groups in the ZyWALL.

36.1.2

What You Need To Know

Address objects and address groups are used in dynamic routes, firewall rules,

application patrol, content filtering, and VPN connection policies. For example,

addresses are used to specify where content restrictions apply in content filtering.

Please see the respective sections for more information about how address objects

and address groups are used in each one.

Address groups are composed of address objects and address groups. The

sequence of members in the address group is not important.

•

See

Section 6.6 on page 105

for related information on these screens.

•

See

Section 7.12 on page 152

for how to create a public IP address range object

for using multiple static public WAN IP addresses for LAN to WAN traffic.

36.2

Address Summary Screen

The address screens are used to create, maintain, and remove addresses. There

are the types of address objects.

•

HOST

- a host address is defined by an

IP Address

.

Page 600 / 944

Chapter 36 Addresses

ZyWALL USG 50 User’s Guide

600

•

RANGE

- a range address is defined by a

Starting IP Address

and an

Ending

IP Address

.

•

SUBNET

- a network address is defined by a

Network

IP address and

Netmask

subnet mask.

The

Address

screen provides a summary of all addresses in the ZyWALL. To

access this screen, click

Configuration > Object

>

Address > Address

. Click a

column’s heading cell to sort the table entries by that column’s criteria. Click the

heading cell again to reverse the sort order.

Figure 343

Configuration > Object > Address > Address

The following table describes the labels in this screen. See

Section 36.2.1 on page

601

for more information as well.

Table 179

Configuration > Object > Address > Address

LABEL

DESCRIPTION

Add

Click this to create a new entry.

Edit

Double-click an entry or select it and click

Edit

to be able to modify the

entry’s settings.

Remove

To remove an entry, select it and click

Remove

. The ZyWALL confirms

you want to remove it before doing so.

Object

References

Select an entry and click

Object Reference

s to open a screen that

shows which settings use the entry. See

Section 11.3.2 on page 230

for

an example.

#

This field is a sequential value, and it is not associated with a specific

address.

Name

This field displays the configured name of each address object.

Type

This field displays the type of each address object. “

INTERFACE

” means

the object uses the settings of one of the ZyWALL’s interfaces.

Address

This field displays the IP addresses represented by each address object.

If the object’s settings are based on one of the ZyWALL’s interfaces, the

name of the interface displays first followed by the object’s current

address settings.

Rate

Popular Zyxel Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share