Chapter 7 Tutorials

7.5 How to Configure User-aware Access Control

You can configure many policies and security settings for specific users or groups of users. The following example sets up the policies in Table 18. It is a simple example that does not include priorities for different types of traffic. See Bandwidth Management on page 439 for more on bandwidth management.

Table 18 User-aware Access Control Example

| GROUP (USER) | WEB SURFING | WEB BANDWIDTH | MSN | LAN1-TO-DMZ ACCESS |
|---|---|---|---|---|
| Finance (Leo) | Yes | 200K | No | Yes |
| Engineer (Steven) | Yes | 100K | No | No |
| Sales (Debbie) | Yes | 100K | Yes (M-F, 08:30~18:00) | Yes |
| Boss (Andy) | Yes | 100K | Yes | Yes |
| Guest (guest) | Yes | 50K | No | No |
| Others | No | --- | No | No |

The users are authenticated by an external RADIUS server at 192.168.1.200.

First, set up the user accounts and user groups in the ZyWALL. Then, set up user authentication using the RADIUS server. Finally, set up the policies in the table above.

The ZyWALL has its default settings.

7.5.1 Set Up User Accounts

Set up one user account for each user account in the RADIUS server. If it is possible to export user names from the RADIUS server to a text file, then you might create a script to create the user accounts instead. This example uses the Web Configurator.

1. Click Configuration > Object > User/Group > User. Click the Add icon.


ZyWALL USG 50 User’s Guide