

SonicWALL security appliances provide a mechanism for user level authentication that gives users access to the LAN from remote locations on the Internet as well as a means to enforce or bypass content filtering policies for LAN users attempting to access the Internet. You can also permit only authenticated users to access VPN tunnels and send data across the encrypted connection. The SonicWALL authenticates all users as soon as they attempt to access network resources in a different zone (such as WAN, VPN, WLAN, etc.), which causes the network traffic to pass through the SonicWALL. Users who log into a computer on the LAN, but perform only local tasks are not authenticated by the SonicWALL.

User level authentication can be performed using a local user database, LDAP, RADIUS, or a combination of a local database with either LDAP or RADIUS. SonicOS also provides Single Sign-On (SSO) capability. SSO can be used in conjunction with LDAP. The local database on the SonicWALL can support up to 1000 users. If you have more than 1000 users, you must use LDAP or RADIUS for authentication.

Using Local Users and Groups for Authentication

The SonicWALL security appliance provides a local database for storing user and group information. You can configure the SonicWALL to use this local database to authenticate users and control their access to the network. The local database is a good choice over LDAP or RADIUS for this purpose when the number of users accessing the network is relatively small. Creating entries for dozens of users and groups takes time, although once the entries are in place they are not difficult to maintain. For networks with larger numbers of users, user authentication using LDAP or RADIUS servers can be more efficient.

To apply Content Filtering Service (CFS) policies to users, the users must be members of local groups and the CFS policies are then applied to the groups. To use CFS, you cannot use LDAP or RADIUS without combining that method with local authentication. When using the combined authentication method in order to use CFS policies, the local group names must be an exact match with the LDAP or RADIUS group names. When using the LDAP + Local Users authentication method, you can import the groups from the LDAP server into the local database on the SonicWALL. This greatly simplifies the creation of matching groups, to which CFS policies can then be applied.

The SonicOS user interface provides a way to create local user and group accounts. You can add users and edit the configuration for any user, including settings for the following:

Group membership - Users can belong to one or more local groups. By default, all users belong to the groups Everyone and Trusted Users. You can remove these group memberships for a user, and can add memberships in other groups.

VPN access - You can configure the networks that are accessible to a VPN client started by this user. When configuring VPN access settings, you can select from a list of networks.
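
An added example, not part of the SonicWALL documentation: a Python check for the requirement described above that local group names exactly match the LDAP or RADIUS group names when CFS policies are applied through local groups. It assumes "exact" means character-for-character identical; the function names and the sample group lists are constructed for illustration.

```python
import unicodedata


def _normalize(name):
    """Fold away the differences that most often break an exact match."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())


def audit_group_names(local_groups, directory_groups):
    """Classify each directory group by whether a local group matches it.

    Returns a dict with three keys:
      exact     - directory groups with an identical local group name
      near_miss - (directory_name, local_name) pairs that differ only in
                  case, Unicode form or whitespace
      missing   - directory groups with no local counterpart at all
    Assumption: the appliance compares names character for character.
    """
    local_exact = set(local_groups)
    local_by_norm = {}
    for name in local_groups:
        local_by_norm.setdefault(_normalize(name), []).append(name)

    report = {"exact": [], "near_miss": [], "missing": []}
    for name in directory_groups:
        if name in local_exact:
            report["exact"].append(name)
        elif _normalize(name) in local_by_norm:
            for candidate in local_by_norm[_normalize(name)]:
                report["near_miss"].append((name, candidate))
        else:
            report["missing"].append(name)
    return report


# Constructed sample data; not taken from any real appliance or directory.
LOCAL_GROUPS = ["Everyone", "Trusted Users", "Engineering", "sales", "Finance "]
DIRECTORY_GROUPS = ["Engineering", "Sales", "Finance", "Contractors"]

if __name__ == "__main__":
    result = audit_group_names(LOCAL_GROUPS, DIRECTORY_GROUPS)
    for bucket, entries in result.items():
        print(f"{bucket}: {entries}")
```

Groups reported as near_miss or missing are the ones whose members would not pick up the intended CFS policy under that assumption; local-only groups such as Everyone and Trusted Users are not flagged.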
