Chapter 26 User/Group
26.2.4.1The following table describes the
Table 137
COMMAND | DESCRIPTION |
[no] activate | Activates the specified condition. The no command deactivates the |
| specified condition. |
[no] authentication {force | Select the authentication requirement for users when their traffic matches |
required} | this policy. The no command means user authentication is not required. |
| force: Users need to be authenticated and the ZyWALL automatically |
| display the login screen when users who have not logged in yet try to send |
| HTTP traffic. |
| required: Users need to be authenticated. They must manually go to the |
| login screen. The ZyWALL will not redirect them to the login screen. |
|
|
[no] description description | Sets the description for the specified condition. The no command clears the |
| description. |
| description: You can use alphanumeric and ()+/:=?!*#@$_%- |
| characters, and it can be up to 60 characters long. |
[no] destination {address_object | Sets the destination criteria for the specified condition. The no command |
group_name} | removes the destination criteria, making the condition effective for all |
| destinations. |
|
|
[no] eps <1..8> eps_object_name | Associates the specified End Point Security (EPS) object with the specified |
| condition. The ZyWALL checks authenticated users’ computers against the |
| condition’s endpoint security objects in the order of 1 to 8. You have to |
| configure order 1 and then the others if any. The no command removes the |
| specified EPS object’s association with the condition. |
| To apply EPS for this condition, you have to also make sure you enable EPS |
| and set authentication to either required or force for this condition. |
|
|
[no] eps activate | Enables EPS for the specified condition. The no command means to disable |
| EPS for the condition. |
eps insert <1..8> eps_object_name | Inserts the specified EPS object for the condition. The number determines |
| the order that this EPS rule is executed in the condition. |
|
|
eps move <1..8> to <1..8> | Changes an endpoint object’s position in the execution order of the |
| condition. |
[no] eps | Sets a number of minutes the ZyWALL has to repeat the endpoint security |
<1..1440> | check. The no command means that the ZyWALL only perform the |
| endpoint security check when users log in to the ZyWALL. |
[no] force | Forces users to log in to the ZyWALL if the specified condition is satisfied. |
| The no command means that users do not log in to the ZyWALL. |
[no] schedule schedule_name | Sets the time criteria for the specified condition. The no command removes |
| the time criteria, making the condition effective all the time. |
[no] source {address_object | Sets the source criteria for the specified condition. The no command |
group_name} | removes the source criteria, making the condition effective for all sources. |
show | Displays information about the specified condition. |
The following commands show how to insert a force authentication policy at position 1 of the checking order. This policy applies endpoint security policies and uses the following settings:
• Activate: yes
234 |
|
ZyWALL (ZLD) CLI Reference Guide | |
|
|