Local groups are displayed in the Local Groups table. The table lists Name, Bypass Content Filters, Guest Services, Admin (access type), VPN Access, and Configure.
A default group, Everyone, is listed in the table. Click the edit icon in the Configure column to review or change the settings for Everyone.
See the following sections for configuration instructions:
This section describes how to create a local group, but also applies to editing existing local groups. To edit a local group, click the edit icon in the same line as the group that you want to edit, then follow the steps in this procedure.
When adding or editing a local group, you can add other local groups as members of the group.
Step 1
Step 2
On the Settings tab, type a user name into the Name field. Optionally, you may select the Members go straight to the management UI on web login checkbox. This selection will only apply if this new group is subsequently given membership in another administrative group. You may also select the Require one-time passwords checkbox to require SSL VPN users to submit a system-generated password for two-factor authentication. Users must have their email addresses set when this feature is enabled.
Note
For one-time password capability, remote users can be controlled at the group level. LDAP users’ email addresses are retrieved from the server when original authentication is done. Authenticating remote users through RADIUS requires administrators to manually enter email addresses in the management interface, unless RADIUS user settings are configured to Use LDAP to retrieve user group information.
Step 3
On the Members tab, to add users and other groups to this group, select the user or group from the Non-Members Users and Groups list and click the right arrow button (->).
Step 4
The VPN Access tab configures which network resources VPN users (either GVC, NetExtender, or Virtual Office bookmarks) can access. On the VPN Access tab, select one or more networks from the Networks list and click the right arrow button (->) to move them to the Access List column. To remove the user’s access to a network, select the network from the Access List, and click the left arrow button (<-).
Note
The VPN Access tab affects the ability of remote clients using GVC, NetExtender, and SSL VPN Virtual Office bookmarks to access network resources. To allow GVC, NetExtender, or Virtual Office users to access a network resource, the network address objects or groups must be added to the “allow” list on the VPN Access tab.
Note
You can configure SSL VPN Access Lists for numerous users at the group level. To do this, build an Address Object on the Network > Address Objects management interface, such as for a public file server that all users of a group need access to. This newly created object now appears on the VPN Access tab under “Networks,” so that you may assign groups by adding it to the Access List.
Step 5
On the CFS Policy tab, to enforce a custom Content Filtering Service policy for this group, select the CFS policy from the Policy drop-down list.
Note
You can create custom Content Filtering Service policies in the Security Services > Content Filter page. See Security Services > Content Filter.
Step 6
On the Bookmark tab, administrators can add, edit, or delete Virtual Office bookmarks for each group.
Step 7
Click OK.
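Before selecting Require one-time passwords on a group, it helps to know which members have no email address on file. The following is an added example, not SonicWALL code: the inventory layout, names, and the `radius_uses_ldap` flag are hypothetical, and it assumes the requirement also reaches users who belong to the group through a nested group.

```python
# Added example: the inventory layout below is hypothetical, not a SonicOS export format.
GROUPS = {  # constructed sample data
    "Remote-Staff": {"require_otp": True, "members": ["alice", "Contractors"]},
    "Contractors": {"require_otp": False, "members": ["bob", "carol", "Vendors"]},
    "Vendors": {"require_otp": False, "members": ["dave", "Contractors"]},  # loop on purpose
    "Everyone": {"require_otp": False, "members": ["erin"]},
}
USERS = {  # constructed sample data; source = how the user authenticates
    "alice": {"source": "ldap", "email": None},
    "bob": {"source": "radius", "email": None},
    "carol": {"source": "radius", "email": "carol@example.com"},
    "dave": {"source": "local", "email": ""},
    "erin": {"source": "radius", "email": None},
}

def expand_members(group, groups, seen=None):
    """Return all users reachable from a group, following each nested group once."""
    seen = set() if seen is None else seen
    if group in seen:  # already visited: breaks membership loops
        return set()
    seen.add(group)
    users = set()
    for member in groups[group]["members"]:
        if member in groups:
            users |= expand_members(member, groups, seen)
        else:
            users.add(member)
    return users

def otp_email_gaps(groups, users, radius_uses_ldap=False):
    """Map user -> reason for every OTP-covered user with no email address on file."""
    gaps = {}
    for name, cfg in groups.items():
        if not cfg["require_otp"]:
            continue
        for user in sorted(expand_members(name, groups)):
            rec = users[user]
            if rec["email"]:
                continue
            # LDAP addresses are retrieved at authentication; so are RADIUS ones with LDAP lookup.
            if rec["source"] == "ldap" or (rec["source"] == "radius" and radius_uses_ldap):
                continue
            gaps[user] = f"{rec['source']} user in scope of {name}: enter email manually"
    return gaps

if __name__ == "__main__":
    for user, reason in otp_email_gaps(GROUPS, USERS).items():
        print(user, "->", reason)
```

Set `radius_uses_ldap=True` when RADIUS user settings are configured to Use LDAP to retrieve user group information.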
You can configure local user groups on the SonicWALL by retrieving the user group names from your LDAP server. The Import from LDAP... button launches a dialog box containing the list of user group names available for import to the SonicWALL.
Having user groups on the SonicWALL with the same name as existing LDAP/AD user groups allows SonicWALL group memberships and privileges to be granted upon successful LDAP authentication.
To import groups from the LDAP server:
Step 1
Step 2
Step 3
In the LDAP Import User Groups dialog box, select the checkbox for each group that you want to import into the SonicWALL, and then click Save.