HELP TABLE OF CONTENTS

Access>Users

Extensive features are available on the Access>Users page for managing authentication and access to the network. Authentication can be performed using a local user database, RADIUS, or a combination of the two applications. Currently, when a VPN tunnel is established between two SonicWALL appliances, any users residing on the local LAN of each SonicWALL can send data across the VPN. In some cases, complete user access could be a security risk, and only authenticated users access the VPN tunnel and send data across the network.

Global User Settings

• Time users out after 5 minutes of inactivity - Enter the number of allowable inactivity minutes before a user is automatically logged out of the network via the SonicWALL.

• Limit login session time to - Limit the length of time, in minutes, that a user is allowed to be logged into the network via the SonicWALL. When a user logs into the SonicWALL using a username and password, the user can also set the maximum login session time, but it cannot be longer than the time configured by the administrator. If Limit login session time to is not selected, then the user has unlimited login session time on the SonicWALL.

• Allow DNS access for unauthenticated VPN users - Select this setting to allow SonicWALL Global VPN Clients without XAUTH or RADIUS authentication to use the SonicWALL DNS settings to resolve names on the Internet.

• Acceptable use policy text for user login - Allows you to create an acceptable use policy login message for users connecting to the SonicWALL. You can select the network ports (LAN, WAN, DMZ, VPN) you want to display the acceptable use policy login message.

Users

• Use RADIUS - Select Use Radius if you have configured RADIUS to authenticate users accessing the network through the SonicWALL. If you have more than 100 users requiring authentication, you must use a RADIUS server. If you select Use RADIUS, users must log into the SonicWALL using HTTPS in order to encrypt the password sent to the SonicWALL. If a user attempts to log into the SonicWALL using HTTP, the browser is automatically redirected to HTTPS.

• Allow only users listed below - Enable this setting if you have a subset of RADIUS users accessing the SonicWALL. The user names must be added to the internal SonicWALL user database before they can be authenticated using RADIUS.

• Authenticate users listed below - Selecting this option allows you to configure users in the local database. To add new users, fill out the User Name, Password, and Confirm Password fields, then select from the list of privileges allowed for the user:

• User Name - Type in the username for the user.

• Password - Type in the login password for the user.

• Confirm Password - Type in the login password again to confirm it.

• Remote Access - Enable this check box if the user accesses LAN resources through the firewall from a remote location on the Internet.

Alert! By enabling Remote Access, you allow unencrypted traffic over the Internet.

• Bypass Filters - Enable Bypass Filters if the user has unlimited access to the Internet from the LAN, bypassing Web, News, Java, and ActiveX blocking.

• Access to VPNs - Enable the check box if the user can send information over the VPN Security Associations with authentication enforcement.

• Access from the VPN Client with XAUTH - Enable the check box if the user requires XAUTH for authentication and accesses the firewall via a VPN client.

• Limited Management Capabilities - By enabling this check box, the user has limited local management access to the SonicWALL Management interface. The access is limited to the following pages: General - Status, Network, Time; Log - View Log, Log Settings, Log Reports;Tools - Restart, Diagnostics minus Tech Support Report.

Tip! The SonicWALL supports up to 100 users requiring RADIUS authentication in the local database.

Adding and Removing a User

Alert! You must add a user to the Local Database to enforce access privileges.

To add a new user, complete the following steps.

1. Highlight -Add New User- in the Current User list box.

2. Enter the name of a user into the User Name field.

3. Enter the user password in the Password and Confirm Password field. The password is case-sensitive.

4. Choose the privileges to be enabled for the user by selecting the appropriate check boxes.

5. Click Update to add the user to the SonicWALL database.

6. To remove a user, highlight the User Name, and click Remove User.

Current Users

A list of all current users is displayed in a table at the bottom of the page. The Current Users table lists the User Name, the IP Address of the user, the Session Time, Time Remaining of the session, and the Inactivity Remaining time.

Users Currently Locked Out After Login Failures

A list of current users locked after failing to log into the SonicWALL correctly is displayed in this section. The table lists the User Name Tried, the IP Address, Lockout Time Remaining, and an Unlock icon. The Unlock icon is used by the Administrator to allow the user access to the SonicWALL. Click the icon to enable access for the user.

User Login

When a user other than the administrator logs into the SonicWALL Management interface, a page is displayed with the user’s privileges listed. The user can set the maximum time for a login session, but it cannot be longer than the session time set by the administrator. The connection closes when the user exceeds the inactivity time-out period or the maximum session time is exceeded. If the connection is closed, the user must re-authenticate to regain their access through the SonicWALL.

Logging into the SonicWALL as the administrator automatically gives the user access to all VPN tunnels requiring authentication.

Tip! Authentication sessions create a log entry in the SonicWALL, but user activity is not logged.

Help Table of Contents