ZyXEL Communications USG 2000 User Manual

 Chapter 40 User/Group

ZyWALL USG 2000 User’s Guide

 for a list of 

attributes and how to set up the attributes in an external server.

Ext-Group-User accounts work are similar to ext-user accounts but allow you to 
group users by the value of the group membership attribute configured for the AD 
or LDAP server. See 

 for more on the group 

membership attribute.

User groups may consist of user accounts or other user groups. Use user groups 
when you want to create the same rule for several user accounts, instead of 
creating separate rules for each one.

Note: You cannot put access users and admin users in the same user group.

Note: You cannot put the default admin account into any user group.

The sequence of members in a user group is not important.

By default, users do not have to log into the ZyWALL to use the network services it 
provides.  The ZyWALL automatically routes packets for everyone. If you want to 
restrict network services that certain users can use via the ZyWALL, you can 
require them to log in to the ZyWALL first. The ZyWALL is then ‘aware’ of the user 
who is logged in and you can create ‘user-aware policies’ that define what services 
they can use. See 

 for a user-aware login example.

• See 

 for related information on these screens.

• See 

 for some information on users who use an 

external authentication server in order to log in.

• See 

 for an example of configuring user accounts and 

user groups as part of user-aware access control. 

• See 

 for an example of how to use a RADIUS server to 

authenticate user accounts based on groups.