“Detailed access” tab

Possible operations

  • Add button: Inserts a line to be configured after the selected line.
  • Delete button: Deletes the selected line.
  • Up button: Places the selected line before the line just above it.
  • Down button: Places the selected line after the line just below it.

A search field lets you find relevant users by entering keywords or letters.

Interactive features

Some operations listed in the taskbar can be performed by right-clicking on the table of access privileges:

  • Add,
  • Delete.

Configuration table

This table allows you to assign access privileges to your users or user groups with regard to SSL VPN and IPSec VPN parameters.

The table contains the following columns:

Status

Status of the access privilege configuration for the user or user group:

Enabled: Double-click anywhere in the column to enable the created rule.

Disabled: The rule is not in operation. The line will be grayed out in order to reflect this.

REMARK

The firewall assesses rules in the order in which they appear on the screen: one by one, from the top down. They are numbered accordingly on the left side of the column.

If Rule 1 applies to a user group, any user who belongs to that group and appears in a later rule is still subject to the configuration of Rule 1.

Example: If Rule 1 denies a user group authentication and/or access to the SSL VPN, and the user in Rule 2 can authenticate via LDAP and has a particular SSL VPN profile but is a member of that group, this user will be blocked and will have access neither to authentication nor to the SSL VPN.
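The following added example (not part of the original documentation and not the firewall's own code) models the top-down evaluation described in the remark above and flags lines that can never apply because an earlier enabled line already covers the same users. The group name, user names, profile name and function names are constructed for illustration, and the model assumes that the first enabled line naming the user or one of the user's groups is the one that applies.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    subject: str         # user or user group named in the "User-user group" column
    enabled: bool        # "Status" column
    ssl_vpn_portal: str  # "Deny", "Default", "All profiles" or a profile name

# Constructed sample data: group membership and a three-line table.
GROUPS = {"contractors": {"alice", "bob"}}
RULES = [
    Rule("contractors", True, "Deny"),
    Rule("alice", True, "web-profile"),
    Rule("carol", True, "Default"),
]

def matches(rule, user, groups):
    """A rule applies to the user it names or to any member of the group it names."""
    return rule.subject == user or user in groups.get(rule.subject, set())

def effective_rule(rules, user, groups):
    """Return (line number, rule) for the first enabled match, top down, else None."""
    for number, rule in enumerate(rules, start=1):
        if rule.enabled and matches(rule, user, groups):
            return number, rule
    return None  # no line applies to this user

def shadowed_rules(rules, groups):
    """Return (shadowed line, shadowing line) pairs for enabled lines that never apply."""
    findings = []
    for number, later in enumerate(rules, start=1):
        if not later.enabled:
            continue
        covered = groups.get(later.subject, {later.subject})
        for earlier_number, earlier in enumerate(rules[:number - 1], start=1):
            if earlier.enabled and covered and all(
                matches(earlier, user, groups) for user in covered
            ):
                findings.append((number, earlier_number))
                break
    return findings

if __name__ == "__main__":
    for user in ("alice", "carol", "dave"):
        print(user, effective_rule(RULES, user, GROUPS))
    print("shadowed:", shadowed_rules(RULES, GROUPS))
```

With the sample table, line 2 is reported as shadowed by line 1: moving the user's line above the group's line, or disabling the group line, is what lets the user's own profile take effect.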

User-user group

Whenever a new line is added to the table, you can select the user or the user group you wish to configure. To do so, click on the arrow to the right of the column, which will display a drop-down list offering you a choice of several CNs created earlier, in the menu Users\Users module.

NOTE

It is also possible to add users who are not in the LDAP database, for example, for the KERBEROS and RADIUS methods.

SSL VPN Portal

This column allows you to assign a particular SSL VPN profile to a user or user group, configured beforehand in the menu VPN\SSL VPN module\User profiles tab.

You may also select the Default option, which will take into account the default SSL VPN profile entered in the previous tab (Default options).

If you select Deny, the user or user group will not have access to any SSL VPN profiles, unlike the All profiles option, which provides access to all web and application servers that have been enabled in the user profiles.

IPSEC

In this field, it is possible to Block or Allow users the privilege of negotiating IPSec VPN tunnels.

Depending on your selection, internal users and user groups will or will not be able to communicate over your private protected IP networks, thereby allowing their data to be transmitted securely.

REMARK

The IPSec privilege only concerns tunnels:

  • with pre-shared key authentication and e-mail address logins, or
  • with certificate authentication.

SSL VPN

In this field, it is possible to Block or Allow users the privilege of negotiating SSL VPN tunnels. Depending on your selection, the internal users and user groups specified will or will not be able to communicate over your private protected IP networks, thereby allowing their data to be transmitted securely.

Sponsorship

Depending on your selection, users or user groups will or will not be able to validate sponsorship requests submitted from the captive portal.

Description

Comments describing the user, user group or the rule.

REMARK

When you add lines to the table without having set up any rules, the columns Authentication, SSL VPN and IPSEC will be set to “Deny” by default, even if you have configured them differently in the Default options tab.

You therefore need to click on the option “Default” using the arrow to the right of each column if you wish to retrieve changes made earlier.