On this page, you can configure the authentication method required, global user settings, and an acceptable use policy that is displayed to users when logging onto your network.
Configuration instructions for the settings on this page are provided in the following sections:
In the Authentication method for login drop-down list, select the type of user account management your network uses:
• Select Local Users to configure users in the local database in the SonicWALL appliance using the Users > Local Users and Users > Local Groups pages.
For information about using the local database for authentication, see “Using Local Users and Groups for Authentication”.
For detailed configuration instructions, see the following sections:
• Select RADIUS if you have more than 1,000 users or want to add an extra layer of security for authenticating the user to the SonicWALL. If you select RADIUS for user authentication, users must log into the SonicWALL using HTTPS in order to encrypt the password sent to the SonicWALL. If a user attempts to log into the SonicWALL using HTTP, the browser is automatically redirected to HTTPS.
For information about using a RADIUS database for authentication, see “Using RADIUS for Authentication”.
For detailed configuration instructions, see “Configuring RADIUS Authentication”.
• Select RADIUS + Local Users if you want to use both RADIUS and the SonicWALL local user database for authentication.
• Select LDAP if you use a Lightweight Directory Access Protocol (LDAP) server, Microsoft Active Directory (AD) server, or Novell eDirectory to maintain all your user account data.
For information about using an LDAP database for authentication, see “Using LDAP / Active Directory / eDirectory Authentication”.
For detailed configuration instructions, see “Configuring LDAP Integration in SonicOS Enhanced”.
• Select LDAP + Local Users if you want to use both LDAP and the SonicWALL local user database for authentication.
In the Single-sign-on method drop-down list, select SonicWALL SSO Agent if you are using Active Directory for authentication and the SonicWALL SSO Agent is installed on a computer in the same domain. Also, select SonicWALL SSO Agent if you are using Terminal Services and the SonicWALL Terminal Services Agent (TSA) is installed on a terminal server in the same domain. Otherwise, select None. For detailed SSO configuration instructions, see “Configuring Single Sign-On”.
In the Show user authentication page for field, enter the number of minutes that a user has to log in before the login page times out. If it times out, a message displays saying they must click before attempting to log in again.
Select Case-sensitive user names to enable matching based on capitalization of user account names.
Select Enforce login uniqueness to prevent the same user name from being used to log into the network from more than one location at a time. This setting applies to both local users and RADIUS/LDAP users. However, the login uniqueness setting does not apply to the default administrator with the username admin.
Select Allow HTTP login with RADIUS CHAP mode to have a CHAP challenge issued when a RADIUS user attempts to log in using HTTP. This allows for a secure connection without using HTTPS. Be sure to check that the RADIUS server supports this option.
Note: Administrators who log in using this method will be restricted in the management operations they can perform (because some operations require the appliance to know the administrator's password, which is not the case for this authentication method).
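The following added example (not SonicWALL code) walks through a CHAP login end to end to show why the appliance never learns the password in this mode. It assumes the standard CHAP computation from RFC 1994 and the RADIUS CHAP-Password layout from RFC 2865; the function names, user name and password are hypothetical, constructed sample values.

```python
import hashlib
import hmac

def chap_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def browser_answer(password: str, ident: int, challenge: bytes) -> bytes:
    """Login page side (hypothetical name): 1-octet identifier + 16-octet
    digest, the layout of the RADIUS CHAP-Password attribute (RFC 2865)."""
    return bytes([ident]) + chap_value(ident, password.encode(), challenge)

def appliance_relay(username: str, answer: bytes, challenge: bytes) -> dict:
    """Appliance side (hypothetical): it forwards what it received and never
    holds the password, only a digest bound to this one challenge."""
    return {"User-Name": username, "CHAP-Password": answer,
            "CHAP-Challenge": challenge}

def radius_verify(request: dict, user_db: dict) -> bool:
    """RADIUS server side: recompute the digest from its own copy of the
    password, which it must be able to read in cleartext."""
    stored = user_db.get(request["User-Name"])
    answer = request["CHAP-Password"]
    if stored is None or len(answer) != 17:
        return False
    expected = chap_value(answer[0], stored.encode(), request["CHAP-Challenge"])
    return hmac.compare_digest(expected, answer[1:])

def run_demo() -> dict:
    # Constructed sample data, not taken from any real deployment.
    user_db = {"alice": "correct horse battery"}
    challenge = bytes(range(16))      # fixed so the demo is repeatable;
    fresh = bytes(range(16, 32))      # a real challenge must be random
    good = browser_answer("correct horse battery", 7, challenge)
    bad = browser_answer("wrong password", 7, challenge)
    return {
        "valid_login": radius_verify(appliance_relay("alice", good, challenge), user_db),
        "wrong_password": radius_verify(appliance_relay("alice", bad, challenge), user_db),
        # A captured answer presented against a new challenge no longer matches.
        "replayed_answer": radius_verify(appliance_relay("alice", good, fresh), user_db),
        "unknown_user": radius_verify(appliance_relay("mallory", good, challenge), user_db),
    }

if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

Because the server recomputes the digest from the password itself, a RADIUS back end that stores only one-way password hashes cannot answer CHAP requests, which is why the server's support for this option has to be checked first.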
Select Redirect users from HTTPS to HTTP on completion of login if you want users to be connected to the network through your SonicWALL appliance via HTTP after logging in via HTTPS. If you have a large number of users logging in via HTTPS, you may want to redirect them to HTTP, because HTTPS consumes more system resources than HTTP. If you deselect this option, you will see a warning dialog.
The settings listed below apply to all users when authenticated through the SonicWALL.
• Inactivity timeout (minutes): users can be logged out of the SonicWALL after a preconfigured inactivity time. Enter the number of minutes in this field. The default value is 5 minutes.
• Enable login session limit: you can limit the time a user is logged into the SonicWALL by selecting the check box and typing the amount of time, in minutes, in the Login session limit (minutes) field. The default value is 30 minutes.
• Show user login status window: causes a status window to display with a Log Out button during the user’s session. The user can click the Log Out button to log out of their session.
The User Login Status window displays the number of minutes the user has left in the login session. The user can set the remaining time to a smaller number of minutes by entering the number and clicking the Update button.
If the user is a member of the SonicWALL Administrators or Limited Administrators user group, the User Login Status window has a Manage button the user can click to automatically log into the SonicWALL appliance’s management interface. See “Disabling the User Login Status Popup” for information about disabling the User Login Status window for administrative users. See “Configuring Local Groups” for group configuration procedures.
• User's login status window sends heartbeat every (seconds): Sets the frequency of the heartbeat signal used to detect whether the user still has a valid connection.
• Enable disconnected user detection: Causes the SonicWALL to detect when a user’s connection is no longer valid and end the session.
• Timeout on heartbeat from user's login status window (minutes): Sets the time needed without a reply from the heartbeat before ending the user session.
Allow these HTTP URLs to bypass users authentication access rules: Define a list of URLs users can connect to without authenticating. To add a URL to the list:
Step 1: Click Add below the URL list.
Step 2: In the Enter URL window, enter the top level URL you are adding, for example, www.sonicwall.com. All sub directories of that URL are included, such as www.sonicwall.com/us/Support.html. Click on OK to add the URL to the list.
An acceptable use policy (AUP) is a policy that users must agree to follow in order to access a network or the Internet. It is common practice for many businesses and educational facilities to require that employees or students agree to an acceptable use policy before accessing the network or Internet through the SonicWALL.
The Acceptable Use Policy section allows you to create the AUP message window for users. You can use HTML formatting in the body of your message. Clicking the Example Template button creates a preformatted HTML template for your AUP window.
• Display on login from - Select the network interface(s) on which you want to display the Acceptable Use Policy page when users log in. You can choose Trusted Zones, WAN Zone, Public Zones, Wireless Zones, and VPN Zone in any combination.
• Window size (pixels) - Allows you to specify the size of the AUP window defined in pixels. Checking the Enable scroll bars on the window option allows the user to scroll through the AUP window contents.
• Enable scroll bars on window - Turns on the scroll bars if your content will exceed the display size of the window.
Acceptable use policy page content - Enter your Acceptable Use Policy text in the text box. You can include HTML formatting. The page that is displayed to the user includes an I Accept button or Cancel button for user confirmation.
Click the Example Template button to populate the content with the default AUP template, which you can modify:
Click the Preview button to display your AUP message as it will appear for the user.