ZyXEL Communications 200 Series Benutzerhandbuch

Chapter 6 Tutorials

ZyWALL USG 100/200 Series User’s Guide

148

6.5 How to Configure User-aware Access Control

You can configure many policies and security settings for specific users or groups of users.
This is illustrated in the following example, where you will set up the following policies. This
is a simple example that does not include priorities for different types of traffic. See

Bandwidth Management on page 444

for more on bandwidth management.

The users are authenticated by an external RADIUS server at 192.168.1.200.

First, set up the user accounts and user groups in the ZyWALL. Then, set up user
authentication using the RADIUS server. Finally, set up the policies in the table above.

The ZyWALL has its default settings.

6.5.1 How to Set Up User Accounts

Set up one user account for each user account in the RADIUS server. If it is possible to export
user names from the RADIUS server to a text file, then you might create a script to create the
user accounts instead. This example uses the web configurator.

1 Click Object > User/Group > User. Click the Add icon.
2 Enter the same user name that is used in the RADIUS server, and set the User Type to

Ext-User because this user account is authenticated by an external server. Click OK.

Figure 84 Object > User/Group > User > Add

3 Repeat this process to set up the remaining user accounts.

6.5.2 How to Set Up User Groups

Set up the user groups and assign the users to the user groups.

1 Click Object > User/Group > Group. Click the Add icon.

Table 31 User-aware Access Control Example

GROUP (USER)

WEB SURFING

WEB
BANDWIDTH

MSN

LAN1-TO-DMZ
ACCESS

Finance (Leo)

Yes

200K

Yes

Engineer (Steven)

Yes

100K

Sales (Debbie)

Yes

100K

Yes (M-F, 08:30~18:00)

Yes

Boss (Andy)

Yes

100K

Yes

Guest (guest)

Yes

50K

Others

---