Chapter 29 Object
USG20(W)-VPN Series User’s Guide
460
The following table describes the labels in this screen.
Table 180 Configuration > Object > User/Group > User > Add
LABEL DESCRIPTION
User Name Type the user name for this user account. You may use 1-31 alphanumeric characters,
underscores(
_), or dashes (-), but the first character cannot be a number. This value is
case-sensitive. User names have to be different than user group names, and some
words are reserved. See Section 29.2.2.2 on page 458.
User Type This field displays the types of user accounts the USG uses:
• admin - this user can look at and change the configuration of the USG
• limited-admin - this user can look at the configuration of the USG but not to
change it
• user - this user has access to the USG’s services and can also browse user-mode
commands (CLI).
• guest - this user has access to the
USG’s services but cannot look at the
configuration.
• ext-user - this user account is maintained in a remote server, such as RADIUS or
LDAP. See Ext-User Accounts on page 456 for more information about this type.
• ext-group-user - this user account is maintained in a remote server, such as
RADIUS or LDAP. See Ext-Group-User Accounts on page 457 for more information
about this type.
Password This field is not available if you select the ext-user or ext-group-user type.
Enter the password of this user account. It can consist of 4 - 31 alphanumeric
characters.
Retype This field is not available if you select the ext-user or ext-group-user type.
Group Identifier This field is available for a ext-group-user type user account.
Specify the value of the AD or LDAP server’s Group Membership Attribute that
identifies the group to which this user belongs.
Associated AAA
Server Object
This field is available for a ext-group-user type user account. Select the AAA server to
use to authenticate this account’s users.
Description Enter the description of each user, if any. You can use up to 60 printable ASCII
characters. Default descriptions are provided.
Authentication
Timeout Settings
If you want the system to use default settings, select Use Default Settings. If you
want to set authentication timeout to a value other than the default settings, select Use
Manual Settings then fill your preferred values in the fields that follow.
Lease Time If you select Use Default Settings in the Authentication Timeout Settings field, the
default lease time is shown.
If you select Use Manual Settings, you need to enter the number of minutes this user
has to renew the current session before the user is logged out. You can specify 1 to
1440 minutes. You can enter 0 to make the number of minutes unlimited. Admin users
renew the session every time the main screen refreshes in the Web Configurator. Access
users can renew the session by clicking the Renew button on their screen. If you allow
access users to renew time automatically (see Section 29.2.4 on page 462), the users
can select this check box on their screen as well. In this case, the session is
automatically renewed before the lease time expires.
Reauthentication
Time
If you select Use Default Settings in the Authentication Timeout Settings field, the
default lease time is shown.
If you select Use Manual Settings, you need to type the number of minutes this user
can be logged into the USG in one session before the user has to log in again. You can
specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited.
Unlike Lease Time
, the user has no opportunity to renew the session without logging
out.
Configuration
Validation
Use a user account from the group specified above to test if the configuration is correct.
Enter the account’s user name in the User Name field and click Test.
To Next Page
Loading...
