ZyXEL Communications ZLD User Manual
Chapter 26 User/Group
ZyWALL (ZLD) CLI Reference Guide
234
26.2.4.1 force-auth Sub-commands
The following table describes the sub-commands for several force-auth policy commands. Note that
not all rule commands use all the sub-commands listed here.
not all rule commands use all the sub-commands listed here.
26.2.4.2 Force Authentication Policy Insert Command Example
The following commands show how to insert a force authentication policy at position 1 of the
checking order. This policy applies endpoint security policies and uses the following settings:
checking order. This policy applies endpoint security policies and uses the following settings:
• Activate: yes
Table 137
force-auth policy Sub-commands
COMMAND
DESCRIPTION
[no] activate
Activates the specified condition. The
no
command deactivates the
specified condition.
[no] authentication {force |
required}
Select the authentication requirement for users when their traffic matches
this policy. The
this policy. The
no
command means user authentication is not required.
force
: Users need to be authenticated and the ZyWALL automatically
display the login screen when users who have not logged in yet try to send
HTTP traffic.
HTTP traffic.
required
: Users need to be authenticated. They must manually go to the
login screen. The ZyWALL will not redirect them to the login screen.
[no] description description
Sets the description for the specified condition. The
no
command clears the
description.
description
: You can use alphanumeric and
()+/:=?!*#@$_%-
characters, and it can be up to 60 characters long.
[no] destination {address_object |
group_name}
Sets the destination criteria for the specified condition. The
no
command
removes the destination criteria, making the condition effective for all
destinations.
destinations.
[no] eps <1..8> eps_object_name
Associates the specified End Point Security (EPS) object with the specified
condition. The ZyWALL checks authenticated users’ computers against the
condition’s endpoint security objects in the order of 1 to 8. You have to
configure order 1 and then the others if any. The no command removes the
specified EPS object’s association with the condition.
condition. The ZyWALL checks authenticated users’ computers against the
condition’s endpoint security objects in the order of 1 to 8. You have to
configure order 1 and then the others if any. The no command removes the
specified EPS object’s association with the condition.
To apply EPS for this condition, you have to also make sure you enable EPS
and set authentication to either required or force for this condition.
and set authentication to either required or force for this condition.
[no] eps activate
Enables EPS for the specified condition. The
no
command means to disable
EPS for the condition.
eps insert <1..8> eps_object_name
Inserts the specified EPS object for the condition. The number determines
the order that this EPS rule is executed in the condition.
the order that this EPS rule is executed in the condition.
eps move <1..8> to <1..8>
Changes an endpoint object’s position in the execution order of the
condition.
condition.
[no] eps periodical-check
<1..1440>
Sets a number of minutes the ZyWALL has to repeat the endpoint security
check. The
check. The
no
command means that the ZyWALL only perform the
endpoint security check when users log in to the ZyWALL.
[no] force
Forces users to log in to the ZyWALL if the specified condition is satisfied.
The
The
no
command means that users do not log in to the ZyWALL.
[no] schedule schedule_name
Sets the time criteria for the specified condition. The
no
command removes
the time criteria, making the condition effective all the time.
[no] source {address_object |
group_name}
Sets the source criteria for the specified condition. The
no
command
removes the source criteria, making the condition effective for all sources.
show
Displays information about the specified condition.