137

Chapter 10

User Authentication
WinRoute allows administrators to monitor connections (packet, connection, Web pages or
FTP objects and command filtering) related to each user. The username in each filtering rule
represents the IP address of the host(s) from which the user is connected (i.e. all hosts the
user is currently connected from). This implies that a user group represents all IP addresses
its members are currently connected from.
Besides access restrictions, user authentication can be used also for monitoring of their activ-
ities in the Kerio StaR interface (see chapter 21), in logs (see chapter 22), in the list of opened
connections (see chapter 19.2) and in the overview of hosts and users (see chapter 19.1). If
there is no user connected from a certain host, only the IP address of the host will be displayed
in the logs and statistics. In statistics, this host’s traffic will be included in the group of not
logged in users.

10.1 Firewall User Authentication

Any user with their own account in WinRoute can authenticate at the firewall (regardless their
access rights). Users can connect:
Manually — by opening the WinRoute web interface in their browser
https://server:4081/ or http://server:4080/
(the name of the server and the port numbers are examples only — see chapter 11).
It is also possible to authenticate for viewing of the web statistics (see chapter 21) at
https://server:4081/star or http://server:4080/star
Note: Login to the Web Administration interface at
https://server:4081/admin or http://server:4080/admin
is not equal to user authentication at the firewall (i.e. the user does not get authenti-
cated at the firewall by the login)!
Automatically — IP addresses of hosts from which they will be authenticated auto-
matically can be associated with individual users. This actually means that whenever
traffic coming from the particular host is detected, WinRoute assumes that it is cur-
rently used by the particular user , and the user is considered being authenticated
from the IP address. However, users may authenticate from other hosts (using the
methods described above).
IP addresses for automatic authentication can be set during definition of user account
(see chapter 15.1).
This authentication method is not recommended for cases where hosts are used by
multiple users (user’s identity might be misused easily).