“Authentication policy” tab
The filter table allows you to define the rules of the authentication policy to be applied through
the firewall. High-priority rules are placed on top. The firewall executes rules in their order of
appearance in the list (rule no. 1, 2 and so on) and stops as soon as it reaches a rule that
matches the traffic that it processes. It is therefore important to define rules from most specific
to most general.
If no rules have been defined in the policy or if the traffic does not match any of the specified
rules, the Default method will be applied. If this method has not been configured or the action has
been set to Block, all authentication attempts will be denied.
Actions on the rules of the authentication policy
Search by user This field allows searching by user login. The rules assigned to this user appear in the
table.
Example: If you enter “user1” in the field, all rules in the policy with “user1” as their
source will appear in the table.
New rule Inserts a rule – predefined or to be defined – after the selected line. There are 2
possible choices.
l Standard rule: an authentication wizard will appear when this is selected. Please
refer to the following chapter to see the options offered in each screen.
l Guest method rule: this wizard offers to create an authentication rule through the
Guest method. This method cannot be combined with other methods within the
same rule as it does not require authentication.
NOTE
The User object to select to match the Guest method is “All”.
NOTE
This method is incompatible with multi-user objects; all users connected in
Guest mode must have different IP addresses.
l Temporary account rule: this wizard offers to create an authentication rule through
the Temporary account method. This method cannot be combined with other
methods within the same rule.
l Sponsorship rule: this wizard offers to create an authentication rule through the
Sponsorship method. This method cannot be combined with other methods within
the same rule as it does not require authentication.
l Separator – rule grouping : This option allows inserting a separator above the
selected line and helps to improve the authentication policy’s readability and
visibility.
It may allow the administrator to prioritize rules, for example, or group those that
redirect traffic to different servers. You can collapse or expand the node of the
separator in order to show or hide the rule grouping. You can also copy/paste a
separator from one location to another.
Delete Deletes the selected line.
Move up Places the selected line before the line just above it.
Move down Places the selected line after the line just below it.
Cut Allows you to cut an authentication rule in order to move it.
Page 53/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3
AUTHENTICATION
To Next Page
Loading...
