ZyXEL Communications ZyWALL 1000 User Manual

 Chapter 34 User/Group
ZyWALL USG 1000 User’s Guide
34.1.2.2  Creating a Large Number of Ext-User Accounts
If you plan to create a large number of Ext-User accounts, you might use CLI commands, 
instead of the web configurator, to create the accounts. Extract the user names from the LDAP 
or RADIUS server, and create a shell script that creates the user accounts. See 
 for more information about shell scripts.
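The following is an added example, not taken from the ZyXEL manual: a Python generator for the account-creation script described above, which validates every name exported from the LDAP or RADIUS server before writing it into a CLI line. The `configure terminal` and `username ... user-type ext-user` commands and the name rule are assumptions to confirm against the CLI reference for your firmware; the sample names are constructed.

```python
import re

# Assumed, conservative name rule: 1-31 characters, letters, digits,
# '_' or '-', starting with a letter or underscore.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_-]{0,30}")

# Assumed CLI syntax for creating an Ext-User account; verify before use.
CMD = "username {name} user-type ext-user"


def build_script(raw_names):
    """Return (script_lines, rejected) for names exported from the directory."""
    accepted, rejected, seen = [], [], set()
    for raw in raw_names:
        name = raw.strip()
        if not name:
            continue  # skip blank lines in the export
        # fullmatch rejects spaces, ';', embedded newlines and anything else
        # that would turn one directory entry into extra CLI arguments or lines.
        if not NAME_RE.fullmatch(name):
            rejected.append((raw, "invalid characters or length"))
            continue
        if name in seen:
            rejected.append((raw, "duplicate"))
            continue
        seen.add(name)
        accepted.append(name)
    lines = ["configure terminal"]  # assumed: scripts enter configuration mode
    lines += [CMD.format(name=n) for n in accepted]
    lines.append("exit")
    return lines, rejected


# Constructed sample export (not real accounts).
SAMPLE = ["alice", "bob-smith", "9lives", "eve user-type admin",
          "mallory\nexit", "alice", ""]

if __name__ == "__main__":
    script, skipped = build_script(SAMPLE)
    print("\n".join(script))
    for raw, reason in skipped:
        print(f"# skipped {raw!r}: {reason}")
```

Review the rejected list before uploading the script, since a skipped name means a directory user who will not get an Ext-User account on the ZyWALL.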
34.1.3  User Groups
Use user groups when you want to create the same rule for several user accounts, instead of 
creating separate rules for each one. User groups may consist of user accounts or other user 
groups, but you cannot put access users and admin users in the same user group.
Note: You cannot put access users and admin users in the same user group.
In addition, you cannot put the default admin account into any user group.
Note: You cannot put the default admin account into any user group.
The sequence of members in a user group is not important.
34.1.4  Access Users and the ZyWALL
By default, access users do not have to log in to the ZyWALL to use the network services it 
provides. The ZyWALL automatically routes packets for everyone. In this case, the ZyWALL 
does not enforce any user-aware policies, but you can still set up policies based on IP address 
or other criteria.
If you want to enforce user-aware policies, access users must log in to the ZyWALL first. In 
this case, they should go to the appropriate IP address (or domain name, if you set up DNS) to 
log in to the ZyWALL. (See 
.) You can provide an incentive to do 
this by preventing access users from using network services until they log in.
34.1.5  Force User Authentication Policy
Instead of making users go to the Login screen manually, you can configure the ZyWALL 
to display the Login screen automatically whenever it routes HTTP traffic for anyone who has 
not logged in yet. Then, the ZyWALL can enforce user-aware policies.
Figure 370   RADIUS Example: Keywords for User Attributes
type=user;leaseTime=222;reauthTime=222