
Configuring Local Users

Local Users are users stored and managed on the security appliance’s local database. In the Users > Local Users page, you can view and manage all local users, add new local users, and edit existing local users. You can also import users from your LDAP server.

See the following sections for configuration instructions:

Configuring Local User Settings
Viewing, Editing and Deleting Local Users
Adding Local Users
Editing Local Users
Importing Local Users from LDAP

Configuring Local User Settings

The following global settings can be configured for all local users on the Users > Local Users page:

Apply password constraints for all local users - Applies the password constraints that are specified on the System > Administration page to all local users. For more information on password constraints, see Login Security Settings.

Note
This does not affect the default “admin” user account.

Prune account upon expiration - For a user account that is configured with a limited lifetime, selecting this checkbox causes the user account to be deleted after the lifetime expires. Clear this checkbox to have the account simply be disabled after the lifetime expires. The administrator can then re-enable the account by resetting the account lifetime.

Viewing, Editing and Deleting Local Users

You can view all the groups to which a user belongs on the Users > Local Users page. Click on the expand icon next to a user to view the group memberships for that user.

The three columns to the right of the user’s name list the privileges for the user. The expanded view displays the groups from which the user gets each privilege.

Hover the mouse pointer over the comment icon in the VPN Access column to view the network resources to which the user has VPN access.
In the expanded view, click the remove icon under Configure to remove the user from a group.
Click the edit icon under Configure to edit the user.
Click the delete icon under Configure to delete the user or group in that row.

Adding Local Users

You can add local users to the internal database on the SonicWALL security appliance from the Users > Local Users page. Users can be added manually, as described here, or you can import users from an LDAP server, as described in the “Importing Local Users from LDAP” section. To manually add local users to the database, perform the following steps:

Step 1
Click Add User. The Add User configuration window displays.
Step 2
On the Settings tab, type the user name into the Name field.
Step 3
In the Password field, type a password for the user. Passwords are case-sensitive and should consist of a combination of letters and numbers rather than names of family, friends, or pets.
Step 4
Confirm the password by retyping it in the Confirm Password field.
Step 5
Optionally, select the User must change password checkbox to force the user to change the password the first time they log in. Select the Require one-time passwords checkbox to require SSL VPN users to submit a system-generated one-time password as a second authentication factor.

Tip
If one-time passwords are not enabled for a Local User but are enabled for a group the user belongs to, make sure the user’s email address is configured; otherwise this user cannot log in.
Step 6
Enter the user’s email address so they may receive one-time passwords.
Step 7
In the Account Lifetime pulldown menu, select Never expires to make the account permanent, or select Minutes, Hours, or Days to specify a lifetime after which the user account will either be deleted or disabled.

If you select a limited lifetime, select the Prune account upon expiration checkbox to have the user account deleted after the lifetime expires. Clear this checkbox to have the account simply be disabled after the lifetime expires. The administrator can then re-enable the account by resetting the account lifetime.
Step 8
Optionally enter a comment in the Comment field.
Step 9
On the Groups tab, under User Groups, select one or more groups to which the user will belong, and click the right arrow button (->) to move the group name(s) into the Member of list. The user will be a member of the selected groups. To remove the user from a group, select the group from the Member of list, and click the left arrow button (<-).
Step 10
The VPN Access tab configures which network resources VPN users (either GVC, NetExtender, or Virtual Office bookmarks) can access. On the VPN Access tab, select one or more networks from the Networks list and click the right arrow button (->) to move them to the Access List column. To remove the user’s access to a network, select the network from the Access List, and click the left arrow button (<-).

Note
The VPN Access tab affects the ability of remote clients using GVC, NetExtender, and Virtual Office bookmarks to access network resources. To allow GVC, NetExtender, or Virtual Office users to access a network resource, the network address objects or groups must be added to the “allow” list on the VPN Access tab.
Step 11
On the Bookmark tab, administrators can add, edit, or delete Virtual Office bookmarks for each user who is a member of a related group. For information on configuring SSL VPN bookmarks, see Configuring SSL VPN Bookmarks.

Note
Users must be members of the SSLVPN Services group before you can configure Bookmarks for them.
Step 12
Click OK to complete the user configuration.

Editing Local Users

You can edit local users from the Users > Local Users screen. To edit a local user:

Step 1
In the list of users, click the edit icon under Configure on the same line as the user you want to edit.
Step 2
Configure the Settings, Groups, VPN Access, and Bookmark tabs exactly as when adding a new user. See Adding Local Users.

Importing Local Users from LDAP

You can configure local users on the SonicWALL by retrieving the user names from your LDAP server. The Import from LDAP button launches a dialog box containing the list of user names available for import to the SonicWALL.

Having users on the SonicWALL with the same name as existing LDAP/AD users allows SonicWALL user privileges to be granted upon successful LDAP authentication.

The list of users read from the LDAP server can be quite long, and you will probably only want to import a small number of them. A Remove from list button is provided, along with several methods of selecting unwanted users. You can use these options to reduce the list to a manageable size and then select the users to import.

To import users from the LDAP server:

Step 1
In the Users > Settings page, set the Authentication Method to LDAP or LDAP + Local Users.
Step 2
In the Users > Local Users page, click Import from LDAP.
Step 3
In the LDAP Import Users dialog box, you can select individual users or select all users. To select all users in the list, select the Select/deselect all checkbox at the top of the list. To clear all selections, click it again.

Step 4
To remove one or more users from the displayed list, select one of the following options near the bottom of the page, and then click Remove from list:

To remove the users whose checkboxes you have selected, select the All selected users radio button.

To remove certain users on the basis of name, description, or location, select the Any user whose <field1> contains <field2> radio button. Select name, description, or location from the drop-down list in the first field, and type the value to match into the second field.

In this option, name refers to the user name displayed in the left column of the list, description refers to the description displayed to its right (not present for all users), and location refers to the location of the user object in the LDAP directory. The location, along with the full user name, is displayed by a mouse-over on a user name, as shown in the image above.

For example, you might want to remove accounts that are marked as “Disabled” in their descriptions. In this case, select description in the first field and type Disabled in the second field. The second field is case-sensitive, so if you typed disabled you would prune out a different set of users.

To remove certain users from the list on the basis of their location in the LDAP directory, select the All users <field1> <field2> radio button. In the first field, select either “at” or “at or under” from the drop-down list. In the second field, select the LDAP directory location from the drop-down list.

Note
It is not necessary to remove users from the list in order not to import them. Doing so simply makes it easier to see those remaining in the list. If you choose not to do this, you can jump straight to Step 7.
Step 5
Repeat the previous step to prune out additional users, until you have a manageable list to select from for import.
Step 6
To undo all changes made to the list of users, click Undo and then click OK in the confirmation dialog box.
Step 7
When finished pruning out as many unwanted accounts as possible with the Remove from list options, use the checkboxes in the list to select the accounts to import and then click Save selected .
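As an added illustration (not SonicWALL code), the following Python models the Remove from list options described in Step 4: the case-sensitive “Any user whose <field> contains <value>” match on name, description or location, and the “at” / “at or under” location filter. The user records, field names and DN layout are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LdapUser:
    name: str         # user name shown in the left column of the import list
    description: str  # description column (empty for users without one)
    location: str     # DN of the container holding the user object


# Constructed sample list standing in for what the appliance reads from LDAP.
SAMPLE_USERS = [
    LdapUser("alice", "Sales", "OU=Sales,DC=example,DC=com"),
    LdapUser("bob", "Disabled - left company", "OU=Sales,DC=example,DC=com"),
    LdapUser("carol", "disabled temporarily", "OU=Eng,OU=Staff,DC=example,DC=com"),
    LdapUser("dave", "", "OU=Staff,DC=example,DC=com"),
    LdapUser("svc-backup", "Service account", "OU=Service,DC=example,DC=com"),
]


def remove_where_contains(users, field, value):
    """Model 'Any user whose <field> contains <value>': the match is a plain,
    case-sensitive substring test, so "Disabled" and "disabled" prune
    different users (the caveat the page points out)."""
    if field not in ("name", "description", "location"):
        raise ValueError(f"unsupported field: {field}")
    return [u for u in users if value not in getattr(u, field)]


def _dn_parts(dn):
    # Split a DN into its RDNs; DNs are case-insensitive, so normalise case.
    return [p.strip().lower() for p in dn.split(",")]


def remove_at_location(users, location, include_children=False):
    """Model 'All users at <location>' (exact container) or, with
    include_children=True, 'All users at or under <location>'."""
    target = _dn_parts(location)

    def matches(user):
        parts = _dn_parts(user.location)
        if parts == target:
            return True
        # "under": the target DN is a suffix of the user's container DN
        return include_children and len(parts) > len(target) and parts[-len(target):] == target

    return [u for u in users if not matches(u)]


def names(users):
    return [u.name for u in users]
```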