Users_groupObjView

Users_groupObjView

Configuring Local Groups

Local groups are displayed in the Local Groups table. The table lists Name, Bypass Content Filters, Guest Services, Admin (access type), VPN Access, and Configure.

A default group, Everyone, is listed in the table. Click the edit icon in the Configure column to review or change the settings for Everyone.

See the following sections for configuration instructions:

Creating a Local Group

This section describes how to create a local group, but also applies to editing existing local groups. To edit a local group, click the edit icon in same line as the group that you want to edit, then follow the steps in this procedure.

When adding or editing a local group, you can add other local groups as members of the group.

To add a local group:

  1. Click the Add Group button to display the Add Group window.
  2. On the Settings tab, type a user name into the Name field. Optionally, you may select the Members go straight to the management UI on web login checkbox. This selection will only apply if this new group is subsequently given membership in another administrative group. You may also select the Require one-time passwords checkbox to require SSL VPN users to submit a system-generated password for two-factor authentication. Users must have their email addresses set when this feature is enabled.

    3. Note: For one-time password capability, remote users can be controlled at the group level. LDAP users’ email addresses are retrieved from the server when original authentication is done. Authenticating remote users through RADIUS requires administrators to manually enter enter email addresses in the management interface, unless RADIUS user settings are configured to Use LDAP to retrieve user group information.

  3. On the Members tab, to add users and other groups to this group, select the user or group from the Non-Members Users and Groups list and click the right arrow button ->.
  4. The VPN Access tab configures which network resources VPN users (either GVC, NetExtender, or Virtual Office bookmarks) can access. On the VPN Access tab, select one or more networks from the Networks list and click the right arrow button (->) to move them to the Access List column. To remove the user’s access to a network, select the network from the Access List, and click the left arrow button (<-).

    5. Note: The VPN access tab affects the ability of remote clients using GVC, NetExtender, and SSL VPN Virtual Office bookmarks to access network resources. To allow GVC, NetExtender, or Virtual Office users to access a network resource, the network address objects or groups must be added to the “allow” list on the VPN Access tab.

    Note: You can configure SSL VPN Access Lists for numerous users at the group level. To do this, build an Address Object on the Network > Address Objects management interface, such as for a public file server that all users of a group need access to. This newly created object now appears on the VPN Access tab under “Networks,” so that you may assign groups by adding it to the Access List.

  5. On the CFS Policy tab, to enforce a custom Content Filtering Service policy for this group, select the CFS policy from the Policy drop-down list.

    6. Note: : You can create custom Content Filtering Service policies in the Security Services > Content Filter page. See Security Services > Content Filter.

  6. On the Bookmark tab, administrators can add, edit, or delete Virtual Office bookmarks for each group.
  7. Click OK.

Importing Local Groups from LDAP

You can configure local user groups on the SonicWALL by retrieving the user group names from your LDAP server. The Import from LDAP... button launches a dialog box containing the list of user group names available for import to the SonicWALL.

Having user groups on the SonicWALL with the same name as existing LDAP/AD user groups allows SonicWALL group memberships and privileges to be granted upon successful LDAP authentication.

To import groups from the LDAP server:

  1. In the Users > Settings page, set the Authentication Method to LDAP.
  2. In the Users > Local Groups page, click Import from LDAP....
  3. In the LDAP Import User Groups dialog box, optionally select the checkbox for groups that you do not want to import, and then click Remove from list.
  4. To undo all changes made to the list of groups, click Undo and then click OK in the confirmation dialog box.
  5. When finished pruning the list to a manageable size, select the checkbox for each group that you want to import into the SonicWALL, and then click Save selected.