SonicWALL 5.8.1 Manuale Utente
User Management
998
SonicOS 5.8.1 Administrator Guide
You can also add or edit local groups. The configurable settings for groups include the
following:
following:
•
Group settings - For administrator groups, you can configure SonicOS to allow login to the
management interface without activating the login status popup window.
management interface without activating the login status popup window.
•
Group members - Groups have members that can be local users or other local groups.
•
VPN access - VPN access for groups is configured in the same way as VPN access for
users. You can configure the networks that are accessible to a VPN client started by a
member of this group. When configuring VPN access settings, you can select from a list of
networks. The networks are designated by their Address Group or Address Object
names.
users. You can configure the networks that are accessible to a VPN client started by a
member of this group. When configuring VPN access settings, you can select from a list of
networks. The networks are designated by their Address Group or Address Object
names.
•
CFS policy - You can apply a content filtering (CFS) policy to group members. The CFS
policy setting is only available if the SonicWALL is currently licensed for Premium Content
Filtering Service.
policy setting is only available if the SonicWALL is currently licensed for Premium Content
Filtering Service.
Using RADIUS for Authentication
Remote Authentication Dial In User Service (RADIUS) is a protocol used by SonicWALL
security appliances to authenticate users who are attempting to access the network. The
RADIUS server contains a database with user information, and checks a user’s credentials
using authentication schemes such as Password Authentication Protocol (PAP), Challenge-
handshake authentication protocol (CHAP), Microsoft CHAP (MSCHAP), or MSCHAPv2.
security appliances to authenticate users who are attempting to access the network. The
RADIUS server contains a database with user information, and checks a user’s credentials
using authentication schemes such as Password Authentication Protocol (PAP), Challenge-
handshake authentication protocol (CHAP), Microsoft CHAP (MSCHAP), or MSCHAPv2.
While RADIUS is very different from LDAP, primarily providing secure authentication, it can also
provide numerous attributes for each entry, including a number of different ones that can be used
to pass back user group memberships. RADIUS can store information for thousands of users,
and is a good choice for user authentication purposes when many users need access to the
network.
provide numerous attributes for each entry, including a number of different ones that can be used
to pass back user group memberships. RADIUS can store information for thousands of users,
and is a good choice for user authentication purposes when many users need access to the
network.
E7500
Network Security Appliance
Internet
User
Workstation
Workstation
RADIUS Server
1
2
3
4
5
6
7
2
3
4
5
6
7
1
User attempts to access the web.
SNWL requires authentication of the User:
redirects workstation to authenticate.
redirects workstation to authenticate.
User authenticates with credentials.
SonicWALL sends the credentials to the
RADIUS server.
RADIUS server.
RADIUS Server authenticates the credentials and
responds, optionally with User Group Membership Information.
responds, optionally with User Group Membership Information.
RADIUS Group Membership is compared against
SonicWALL Group Membership for accessing privileges.
SonicWALL Group Membership for accessing privileges.
SNWL authorizes or denies access based on User privileges.