Chapter 29 Object
USG20(W)-VPN Series User’s Guide
456
•The Group screen (see Section 29.2.3 on page 461) provides a summary of all user groups. In
addition, this screen allows you to add, edit, and remove user groups. User groups may consist of
access users and other user groups. You cannot put admin users in user groups
•The Setting screen (see Section 29.2.4 on page 462) controls default settings, login settings,
lockout settings, and other user settings for the USG. You can also use this screen to specify
when users must log in to the USG before it routes traffic for them.
•The MAC Address screen (see Section 29.2.5 on page 467) allows you to configure the MAC
addresses or OUI (Organizationally Unique Identifier) of wireless clients for MAC authentication
using the local user database. The OUI is the first three octets in a MAC address and uniquely
identifies the manufacturer of a network device
.
29.2.1 What You Need To Know
User Account
A user account defines the privileges of a user logged into the USG. User accounts are used in
security policies, in addition to controlling access to configuration and services in the USG.
User Types
These are the types of user accounts the USG uses.
Note: The default admin account is always authenticated locally, regardless of the
authentication method setting. (See Chapter 29 on page 511 for more information
about authentication methods.)
Ext-User Accounts
Set up an ext-user account if the user is authenticated by an external server and you want to set
up specific policies for this user in the USG. If you do not want to set up policies for this user, you
do not have to set up an ext-user account.
All ext-user users should be authenticated by an external server, such as AD, LDAP or RADIUS. If
the USG tries to use the local database to authenticate an ext-user, the authentication attempt
always fails. (This is related to AAA servers and authentication methods, which are discussed in
those chapters in this guide.)
Table 178 Types of User Accounts
TYPE ABILITIES LOGIN METHOD(S)
Admin Users
admin Change USG configuration (web, CLI) WWW, TELNET, SSH, FTP, Console
limited-admin Look at USG configuration (web, CLI)
Perform basic diagnostics (CLI)
WWW, TELNET, SSH, Console
Access Users
user Access network services
Browse user-mode commands (CLI)
WWW, TELNET, SSH
guest Access network services WWW
ext-user External user account WWW
ext-group-user External group user account WWW
To Next Page
Loading...
