Page 126 / 944
Scroll up to view Page 121 - 125
Chapter 7 Tutorials
ZyWALL USG 50 User’s Guide
126
Note: The users will have to log in using the Web Configurator login screen before
they can use HTTP or MSN.
Figure 75
Configuration > Object > User/Group > Setting > Add (Force User
Authentication Policy)
When the users try to browse the web (or use any HTTP/HTTPS application), the
Login
screen appears. They have to log in using the user name and password in
the RADIUS server.
7.5.4
Web Surfing Policies With Bandwidth Restrictions
Use application patrol (AppPatrol) to enforce the web surfing and MSN policies.
You must have already subscribed for the application patrol service. You can
subscribe using the
Configuration > Licensing > Registration
screens or using
one of the wizards.
Page 127 / 944
Chapter 7 Tutorials
ZyWALL USG 50 User’s Guide
127
1
Click
Configuration > AppPatrol
. If application patrol and bandwidth
management are not enabled, enable them, and click
Apply
.
Figure 76
Configuration > AppPatrol > General
2
Click the
Common
tab and double-click the
http
entry.
Figure 77
Configuration > AppPatrol > Common
Page 128 / 944
Chapter 7 Tutorials
ZyWALL USG 50 User’s Guide
128
3
Double-click the
Default
policy.
Figure 78
Configuration > AppPatrol > Common > http
4
Change the access to
Drop
because you do not want anyone except authorized
user groups to browse the web. Click
OK
.
Figure 79
Configuration > AppPatrol > Common > http > Edit Default
Page 129 / 944
Chapter 7 Tutorials
ZyWALL USG 50 User’s Guide
129
5
Click the
Add
icon in the policy list. In the new policy, select one of the user
groups that is allowed to browse the web and set the corresponding bandwidth
restriction in the
Inbound
and
Outbound
fields. Click
OK
. Repeat this process to
add exceptions for all the other user groups that are allowed to browse the web.
Figure 80
Configuration > AppPatrol
> Common> http > Edit Default
7.5.5
Set Up MSN Policies
Set up a recurring schedule object first because Sales can only use MSN during
specified times on specified days.
1
Click
Configuration > Object > Schedule
. Click the
Add
icon for recurring
schedules.
Page 130 / 944
Chapter 7 Tutorials
ZyWALL USG 50 User’s Guide
130
2
Give the schedule a descriptive name. Set up the days (Monday through Friday)
and the times (8:30 - 18:00) when Sales is allowed to use MSN. Click
OK
.
Figure 81
Configuration > Object > Schedule > Add (Recurring)
3
Follow the steps in
Section 7.5.4 on page 126
to set up the appropriate policies for
MSN in application patrol. Make sure to specify the schedule when you configure
the policy for the Sales group’s MSN access.
7.5.6
Set Up Firewall Rules
Use the firewall to control access from LAN to the DMZ.
1
Click
Configuration > Firewall
>
Add
. Set the
From
field as
LAN1
and the
To
field as
DMZ
. Set the
Access
field to
deny
, and click
OK
.
Figure 82
Configuration > Firewall > LAN to DMZ > Add
19216811.live