SonicWALL 5.8.1 Manuale Utente
User Management
997
SonicOS 5.8.1 Administrator Guide
Creating entries for dozens of users and groups takes time, although once the entries are in
place they are not difficult to maintain. For networks with larger numbers of users, user
authentication using LDAP or RADIUS servers can be more efficient.
place they are not difficult to maintain. For networks with larger numbers of users, user
authentication using LDAP or RADIUS servers can be more efficient.
To apply Content Filtering Service (CFS) policies to users, the users must be members of local
groups and the CFS policies are then applied to the groups. To use CFS, you cannot use LDAP
or RADIUS without combining that method with local authentication. When using the combined
authentication method in order to use CFS policies, the local group names must be an exact
match with the LDAP or RADIUS group names. When using the LDAP + Local Users
authentication method, you can import the groups from the LDAP server into the local database
on the SonicWALL. This greatly simplifies the creation of matching groups, to which CFS
policies can then be applied.
groups and the CFS policies are then applied to the groups. To use CFS, you cannot use LDAP
or RADIUS without combining that method with local authentication. When using the combined
authentication method in order to use CFS policies, the local group names must be an exact
match with the LDAP or RADIUS group names. When using the LDAP + Local Users
authentication method, you can import the groups from the LDAP server into the local database
on the SonicWALL. This greatly simplifies the creation of matching groups, to which CFS
policies can then be applied.
The SonicOS user interface provides a way to create local user and group accounts. You can
add users and edit the configuration for any user, including settings for the following:
add users and edit the configuration for any user, including settings for the following:
•
Group membership - Users can belong to one or more local groups. By default, all users
belong to the groups Everyone and Trusted Users. You can remove these group
memberships for a user, and can add memberships in other groups.
belong to the groups Everyone and Trusted Users. You can remove these group
memberships for a user, and can add memberships in other groups.
•
VPN access - You can configure the networks that are accessible to a VPN client started
by this user. When configuring VPN access settings, you can select from a list of networks.
The networks are designated by their Address Group or Address Object names.
by this user. When configuring VPN access settings, you can select from a list of networks.
The networks are designated by their Address Group or Address Object names.
Note
The VPN access configuration for users and groups affects the ability of remote clients using
GVC, NetExtender, and SSL VPN Virtual Office bookmarks to access network resources. To
allow GVC, NetExtender, or Virtual Office users to access a network resource, the network
address objects or groups must be added to the “allow” list on the VPN Access tab.
GVC, NetExtender, and SSL VPN Virtual Office bookmarks to access network resources. To
allow GVC, NetExtender, or Virtual Office users to access a network resource, the network
address objects or groups must be added to the “allow” list on the VPN Access tab.
Internet
User
Workstation
Workstation
1
2
3
4
2
3
4
1
User attempts to access the web.
SNWL requires authentication of the User:
redirects workstation to authenticate.
redirects workstation to authenticate.
User authenticates with credentials.
SNWL Local Database authorizes or denies access based on User privileges.
E7500
Network Security Appliance