ZyXEL Communications USG 2000 User Manual
Chapter 40 User/Group
ZyWALL USG 2000 User’s Guide
691
for a list of
attributes and how to set up the attributes in an external server.
Ext-Group-User Accounts
Ext-Group-User accounts work are similar to ext-user accounts but allow you to
group users by the value of the group membership attribute configured for the AD
or LDAP server. See
group users by the value of the group membership attribute configured for the AD
or LDAP server. See
for more on the group
membership attribute.
User Groups
User groups may consist of user accounts or other user groups. Use user groups
when you want to create the same rule for several user accounts, instead of
creating separate rules for each one.
when you want to create the same rule for several user accounts, instead of
creating separate rules for each one.
Note: You cannot put access users and admin users in the same user group.
Note: You cannot put the default admin account into any user group.
The sequence of members in a user group is not important.
User Awareness
By default, users do not have to log into the ZyWALL to use the network services it
provides. The ZyWALL automatically routes packets for everyone. If you want to
restrict network services that certain users can use via the ZyWALL, you can
require them to log in to the ZyWALL first. The ZyWALL is then ‘aware’ of the user
who is logged in and you can create ‘user-aware policies’ that define what services
they can use. See
provides. The ZyWALL automatically routes packets for everyone. If you want to
restrict network services that certain users can use via the ZyWALL, you can
require them to log in to the ZyWALL first. The ZyWALL is then ‘aware’ of the user
who is logged in and you can create ‘user-aware policies’ that define what services
they can use. See
for a user-aware login example.
Finding Out More
• See
for related information on these screens.
• See
for some information on users who use an
external authentication server in order to log in.
• See
for an example of configuring user accounts and
user groups as part of user-aware access control.
• See
for an example of how to use a RADIUS server to
authenticate user accounts based on groups.