ZyXEL Communications ZyWALL 1000 User Manual
Chapter 34 User/Group
ZyWALL USG 1000 User’s Guide
34.1.2.2 Creating a Large Number of Ext-User Accounts
If you plan to create a large number of Ext-User accounts, you might use CLI commands,
instead of the web configurator, to create the accounts. Extract the user names from the LDAP
or RADIUS server, and create a shell script that creates the user accounts. See
for more information about shell scripts.
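One way to generate such a script from a directory export, as an added example that is not part of the original guide. It assumes the user names arrive as the `uid` attribute of an LDIF export, that the CLI line `username <name> user-type ext-user` creates an Ext-User account, that a script is wrapped in `configure terminal` and `exit`, and that the user-name rule shown applies; confirm all of these against the CLI reference guide for your firmware. The function names are hypothetical.

```python
import re

# Assumption: user names are 1-31 characters (letters, digits, '_' or '-')
# and do not start with a digit. Check the limits for your firmware.
VALID_NAME = re.compile(r"[A-Za-z_-][A-Za-z0-9_-]{0,30}")
# Assumption: CLI form that creates an Ext-User account, and the lines
# that open and close a script. Confirm them in the CLI reference guide.
CLI_TEMPLATE = "username {name} user-type ext-user"
HEADER, FOOTER = "configure terminal", "exit"

# Constructed sample export; not taken from a real directory.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice

dn: uid=bob-ops,ou=people,dc=example,dc=com
uid: bob-ops

dn: uid=9lives,ou=people,dc=example,dc=com
uid: 9lives

dn: cn=carol,ou=people,dc=example,dc=com
uid: carol smith
"""


def names_from_ldif(ldif_text, attribute="uid"):
    """Return the values of one LDIF attribute, in order, without duplicates."""
    prefix = attribute.lower() + ":"
    names = []
    for line in ldif_text.splitlines():
        if line.lower().startswith(prefix):
            value = line[len(prefix):].strip()
            if value and value not in names:
                names.append(value)
    return names


def build_script(names):
    """Return (script_text, rejected). Only names matching VALID_NAME are
    written, so a directory value cannot add extra words to a command line."""
    accepted = [n for n in names if VALID_NAME.fullmatch(n)]
    rejected = [n for n in names if not VALID_NAME.fullmatch(n)]
    lines = [HEADER] + [CLI_TEMPLATE.format(name=n) for n in accepted] + [FOOTER]
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    script, rejected = build_script(names_from_ldif(SAMPLE_LDIF))
    print(script, end="")
    print("Rejected, create by hand after review:", rejected)
```

Review the rejected list before running the script, since each entry is a directory account that will not exist on the ZyWALL.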
34.1.3 User Groups
Use user groups when you want to create the same rule for several user accounts, instead of
creating separate rules for each one. User groups may consist of user accounts or other user
groups, but you cannot put access users and admin users in the same user group.
Note: You cannot put access users and admin users in the same user group.
In addition, you cannot put the default admin account into any user group.
Note: You cannot put the default admin account into any user group.
The sequence of members in a user group is not important.
34.1.4 Access Users and the ZyWALL
By default, access users do not have to log in to the ZyWALL to use the network services it
provides. The ZyWALL automatically routes packets for everyone. In this case, the ZyWALL
does not enforce any user-aware policies, but you can still set up policies based on IP address
or other criteria.
If you want to enforce user-aware policies, access users must log in to the ZyWALL first. In
this case, they should go to the appropriate IP address (or domain name, if you set up DNS) to
log in to the ZyWALL. (See
.) You can provide an incentive to do
this by preventing access users from using network services until they log in.
34.1.5 Force User Authentication Policy
Instead of making users go to the Login screen manually, you can configure the ZyWALL
to display the Login screen automatically whenever it routes HTTP traffic for anyone who has
not logged in yet. Then, the ZyWALL can enforce user-aware policies.
Figure 370 RADIUS Example: Keywords for User Attributes
type=user;leaseTime=222;reauthTime=222