Support User Manuals

SonicWALL 5.8.1 Microscope & Magnifier User Manual

Open as PDF

of 1490

User Management

998

SonicOS 5.8.1 Administrator Guide

You can also add or edit local groups. The configurable settings for groups include the

following:

• Group settings - For administrator groups, you can configure SonicOS to allow login to the

management interface without activating the login status popup window.

• Group members - Groups have members that can be local users or other local groups.

• VPN access - VPN access for groups is configured in the same way as VPN access for

users. You can configure the networks that are accessible to a VPN client started by a

member of this group. When configuring VPN access settings, you can select from a list of

networks. The networks are designated by their Address Group or Address Object

names.

• CFS policy - You can apply a content filtering (CFS) policy to group members. The CFS

policy setting is only available if the SonicWALL is currently licensed for Premium Content

Filtering Service.

Using RADIUS for Authentication

Remote Authentication Dial In User Service (RADIUS) is a protocol used by SonicWALL

security appliances to authenticate users who are attempting to access the network. The

RADIUS server contains a database with user information, and checks a user’s credentials

using authentication schemes such as Password Authentication Protocol (PAP), Challenge-

handshake authentication protocol (CHAP), Microsoft CHAP (MSCHAP), or MSCHAPv2.

While RADIUS is very different from LDAP, primarily providing secure authentication, it can also

provide numerous attributes for each entry, including a number of different ones that can be used

to pass back user group memberships. RADIUS can store information for thousands of users,

and is a good choice for user authentication purposes when many users need access to the

network.

E7500

Network Security Appliance

Internet

User

Workstation

RADIUS Server

1

2

3

4

5

6

7

2

3

4

5

6

7

1

User attempts to access the web.

SNWL requires authentication of the User:

redirects workstation to authenticate.

User authenticates with credentials.

SonicWALL sends the credentials to the

RADIUS server.

RADIUS Server authenticates the credentials and

responds, optionally with User Group Membership Information.

RADIUS Group Membership is compared against

SonicWALL Group Membership for accessing privileges.

SNWL authorizes or denies access based on User privileges.

previous next