Chapter 43 Object
ZyWALL USG Series User’s Guide
869
43.11 Auth. Method Overview
Authentication method objects set how the Zyxel Device authenticates wireless clients, HTTP/HTTPS
clients, and peer IPSec routers (extended authentication). Configure authentication method objects to have
the Zyxel Device use the local user database, and/or the authentication servers and authentication
server groups specified by AAA server objects. By default, user accounts created and stored on the
Zyxel Device are authenticated locally.
• Use the Configuration > Object > Auth. Method screens (Section 43.11.3 on page 870) to create and
manage authentication method objects.
• Use the Configuration > Object > Auth. Method > Two-Factor Authentication screen (Section 43.11.4
on page 872) to configure double-layer security to access a secured network behind the Zyxel
Device via a VPN tunnel, Web Configurator, SSH, or Telnet.
43.11.1 Before You Begin
Configure AAA server objects before you configure authentication method objects.
43.11.2 Example: Selecting a VPN Authentication Method
After you set up an authentication method object in the Auth. Method screens, you can use it in the VPN
Gateway screen to authenticate VPN users for establishing a VPN connection. Refer to the chapter on
VPN for more information.
Follow the steps below to specify the authentication method for a VPN connection.
1 Access the Configuration > VPN > IPSec VPN > VPN Gateway > Edit screen.
2 Click Show Advance Setting and select Enable Extended Authentication.
Table 342 Configuration > Object > AAA Server > RADIUS > Add (continued)
LABEL DESCRIPTION
Key Enter a password (up to 15 alphanumeric characters) as the key to be shared between the
external authentication server and the Zyxel Device.
The key is not sent over the network. This key must be the same on the external authentication
server and the Zyxel Device.
Group Membership Attribute A RADIUS server defines attributes for its accounts. Select the name and
number of the attribute that the Zyxel Device is to check to determine to which group a user belongs.
If the attribute does not display, select user-defined and specify the attribute’s number.
This attribute’s value is called a group identifier; it determines to which group a user belongs.
You can add ext-group-user user objects to identify groups based on these group identifier
values.
For example, you could have an attribute named “memberOf” with values like “sales”, “RD”,
and “management”. Then you could also create an ext-group-user user object for each group:
one with “sales” as the group identifier, another for “RD” and a third for “management”.
OK Click OK to save the changes.
Cancel Click Cancel to discard the changes.
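The Key and Group Membership Attribute fields, shown as an added example that is not part of the original guide and not Zyxel's code: under standard RADIUS (RFC 2865), a client uses the shared key to check the Response Authenticator of an Access-Accept, then reads the group identifier from the chosen attribute. The attribute number 25 (Class), the sample key, the request authenticator and the packet are constructed assumptions.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
GROUP_ATTR = 25  # assumption: RFC 2865 Class chosen as the group membership attribute

def build_reply(code, ident, request_auth, attrs, secret):
    """Build a reply as a RADIUS server would; used here only to make sample data."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body

def verify_reply(packet, request_auth, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def parse_attributes(packet):
    """Return [(type, value)] from the attribute area; reject malformed lengths."""
    attrs, pos = [], 20
    while pos < len(packet):
        alen = packet[pos + 1] if pos + 2 <= len(packet) else 0
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def group_for_reply(packet, request_auth, secret, group_attr, known_groups):
    """Return the group identifier only for an authentic Access-Accept and a known group."""
    if not verify_reply(packet, request_auth, secret) or packet[0] != ACCESS_ACCEPT:
        return None
    for atype, value in parse_attributes(packet):
        if atype == group_attr:
            ident = value.decode("utf-8", "replace")
            if ident in known_groups:
                return ident
    return None

# Constructed sample data (not from the guide)
SECRET = b"Example15charKy"                  # 15 alphanumeric characters
REQUEST_AUTH = bytes(range(16))              # authenticator of the matching request
KNOWN_GROUPS = {"sales", "RD", "management"}  # ext-group-user group identifiers
REPLY = build_reply(ACCESS_ACCEPT, 7, REQUEST_AUTH, [(GROUP_ATTR, b"sales")], SECRET)
```

A reply that was built with a different key, or altered in transit, fails `verify_reply` and yields no group, so a mismatched key shows up as failed authentication rather than a wrong group assignment.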