NETGEAR SSL312 manual Setting Up User and Group Access Policies, Determine Your Requirements

Page 47

Chapter 4 Setting Up User and Group Access Policies

This chapter describes how to define users and groups and how to configure SSL VPN Concentrator access policies and bookmarks for the users and groups. This chapter includes the following topics:

•Determine Your Requirements

•Users, Groups and Global Policies

•Global Policies

•Groups Configuration

•Users Configuration

•Using Network Resource Objects to Simplify Policies

Determine Your Requirements

The ProSafe SSL VPN Concentrator 25 provides an extremely flexible and granular architecture for managing users and groups. Depending on your requirements, you can implement a simple or complex policy structure. Some general guidelines are:

•If you have a small number of users, all with the same privileges, and no central authentication server, you can just add your users to the SSL VPN Concentrator’s local user database, using the default group and domain.

•If you use a RADIUS, LDAP, NT or Active Directory authentication server, you do not need to add individual users into the SSL VPN Concentrator unless you wish to define specific policies or bookmarks per user. Configure groups using the same group names as defined in your authentication server.

Note: When adding Group/Global policies, if the user is authenticated using an external repository such as Microsoft NT or RADIUS, then the user name must

be added to the local database. If the user is authenticate by the LDAP repository, then the user is added to the policy automatically.

4-1

v2.0, May 2007

Image 47

Contents Netgear ProSafe SSL VPN Concentrator SSL312 Reference Manual Technical Support Licensing Product and Publication Details Contents Chapter Authenticating Users Chapter Configuring the Remote Access Web Portal Chapter Monitoring and Logging Conventions, Formats and Scope About This ManualPrinting this Manual Using This ManualPrinting a Chapter Version Date Description of Changes Revision HistoryAbout the ProSafe SSL VPN Concentrator Key FeaturesChapter Introduction Microsoft Windows Web Browser RequirementsFront Panel What’s in the BoxHardware Description Back Panel Steps for Deploying the SSL312 V2.0, May Single Arm Chapter Installing the SSL312Choosing a Network Topology Routing Initial Connection to the SSL VPN Concentrator Https//192.168.1.1 Accessing the Management InterfaceV2.0, May Configuring Basic Network Settings V2.0, May Managing Certificates Installing the SSL VPN ConcentratorObtaining a Certificate from a Certificate Authority Generating a Self-Signed Certificate Uploading and Enabling the New Certificate V2.0, May Viewing and Deleting Certificates Steps for Further Configuration Authentication Domains Chapter Authenticating UsersLocal User Database Authentication Radius and NT Domain Authentication Configuring for Radius Domain Authentication Configuring for NT Domain Authentication Ldap Authentication Ldap Attribute Rules Sample Ldap AttributesQuerying an Ldap Server Sample Ldap Users and Attributes SettingsCN=Users,DC=yourdomain,DC=com Configuring for Ldap AuthenticationConfiguring for Windows Active Directory Authentication Active Directory AuthenticationV2.0, May Troubleshooting Active Directory Authentication Kerberos AuthenticationHttps//IP/Domain Name/portal/Portal Name Deleting a DomainV2.0, May Determine Your Requirements Setting Up User and Group Access PoliciesUsers, Groups and Global Policies Global Policies Editing Global Policy Settings Adding and Editing Global Policies Defining and Editing Global Bookmarks Adding a New Group Groups ConfigurationEditing Group Settings Defining and Editing Group Policies V2.0, May Defining and Editing Group Bookmarks Deleting a Group Users Configuration Adding a New User V2.0, May Editing a User V2.0, May Defining and Editing User Policies Defining and Editing a User Bookmarks Deleting a User Using Network Resource Objects to Simplify PoliciesV2.0, May V2.0, May V2.0, May V2.0, May Portal Layouts Configuring the Remote Access Web PortalPortal Options Portal Option Features for Remote UsersAdding Portal Layouts V2.0, May V2.0, May Adding Terminal Services Applications to the Portal Customizing the Banner Duplicating and Editing Portal Layouts Creating a Guide to Using the Portal V2.0, May Two Approaches for VPN SSL VPN Client Configuration Adding IP Address Ranges Adding Routes for VPN Tunnel Clients V2.0, May Configuring Applications for Port Forwarding Port Forwarding Applications/TCP Port Numbers SSH Configuring Host Name ResolutionSample SSL VPN Concentrator Configuration Chapter Additional System ConfigurationConfiguring Network Settings Default gateway address Firewall/Router address Network Interface and Default Gateway ConfigurationV2.0, May Static Route Configuration V2.0, May Network Host Table Settings Configuring DNS Settings V2.0, May Setting Date and Time System Configuration Utilities Exporting and Saving a Backup Configuration File Encrypting the Configuration FileImporting a Configuration File Upgrading the SSL VPN Concentrator Firmware Erasing the Configuration and Restoring the Default SettingsAdditional Notes on the Management Interface SSL VPN Concentrator Status Chapter Monitoring and LoggingMonitoring and Logging Active Users Event Log Log Settings Send Logs Weekly Schedule Send Logs Daily Schedule V2.0, May V2.0, May Diagnostics V2.0, May Factory Default Settings Appendix a Default Settings and Technical SpecificationsGMT Technical SpecificationsDocument Link Appendix B Related DocumentsV2.0, May Numerics IndexIndex-2 Index-3 Index-4 Index-5 Index-6

Related manuals

Manual 112 pages 5.2 Kb