7.5.2 Groups, 7.5.3 Settings – NEXCOM IFA 1610 User Manual


Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.

IFA 3610/IFA 2610/IFA 1610 User Manual

Chapter 7: The VPN Menu


7.5.2 Groups

This page displays a table of all the groups that are defined either on the appliance or on an external
LDAP server. For each group the following information is shown:

▪ Groupname. The name of the group.

▪ Remark. A comment.

▪ Authentication server. The server used for the user authentication, which is either local (the appliance itself) or LDAP (an external LDAP server, configurable in the vpnauthsettings tab).

▪ Actions. The available operations that can be carried out on the account. For LDAP servers the only action is to Edit the local properties, while for local groups there is also the possibility to Delete the group.

Click on Add new local groups above the table to add a new local group. In the form that will show up, the following
options can be specified for each group.

Group Name
The name given to the group.

Remark
A comment.

Users
In this part of the panel it is possible to assign users to the group. The search widget filters the existing local
users to find matching ones. Users are added to the group by clicking on the + on the right of the username. Users in the
group are shown in the text field below. There are also shortcuts to Add all and to Remove all users to/from a group.

Override OpenVPN options
Tick this checkbox to allow the OpenVPN protocol to be used. This option will reveal a box in which to specify custom
options for the account, which are the same as those specified for the local users.

Override L2TP options
Tick this checkbox to show a box in which to choose the L2TP tunnel to be used from a drop-down menu.

Note:

This option cannot be selected if no L2TP tunnel has been configured yet. In that case, an informative message
appears as a hyperlink: clicking on it opens the IPsec connection editor. Once a new L2TP tunnel has been created, it will
be possible to associate it to a user.

Hint: If the OpenVPN options are also overridden, the box for L2TP options will appear below the OpenVPN options box.

Enabled
Tick the checkbox to enable the user, i.e., to allow her to connect to the OpenVPN server on the appliance.

Warning: While the same user can legitimately be part of one or more groups, care must be taken that the groups the user
belongs to do not define contrasting override options. As an example, consider a user who is a member of two groups, one
allowing access only to the GREEN zone, and one only to the BLUE. In this case, it is not easy to predict whether that
user will be granted access to the BLUE or to the GREEN zone. The management of these issues is left to the manager
of the OpenVPN server.
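One way to audit for the conflict described in the warning above, as an added example that is not part of the NEXCOM manual. It assumes the group definitions have been transcribed by hand from the Groups page into a Python dictionary; the field names (`members`, `overrides`, `zones`, `push_dns`) and all sample values are hypothetical, since the appliance's own storage format is not described here.

```python
from collections import defaultdict

# Constructed sample data, transcribed by hand from the Groups page.
# Field and option names are hypothetical, not the appliance's own format.
GROUPS = {
    "green-only":  {"members": ["alice", "bob"],
                    "overrides": {"zones": ["GREEN"]}},
    "blue-only":   {"members": ["bob", "carol"],
                    "overrides": {"zones": ["BLUE"]}},
    "contractors": {"members": ["carol", "dave"],
                    "overrides": {"zones": ["BLUE"], "push_dns": "10.0.2.1"}},
    "no-override": {"members": ["alice", "bob"], "overrides": {}},
}


def _norm(value):
    """Make option values comparable: the order of list entries is ignored."""
    return tuple(sorted(value)) if isinstance(value, (list, set, tuple)) else value


def find_override_conflicts(groups):
    """Return {user: {option: {group: value}}} for every option that two or
    more of the user's groups override with different values."""
    seen = defaultdict(lambda: defaultdict(dict))  # user -> option -> group -> value
    for name, grp in groups.items():
        for user in grp.get("members", []):
            for opt, val in grp.get("overrides", {}).items():
                seen[user][opt][name] = _norm(val)
    conflicts = {}
    for user, opts in seen.items():
        # An option conflicts only if the groups setting it disagree.
        bad = {opt: dict(by_group) for opt, by_group in opts.items()
               if len(set(by_group.values())) > 1}
        if bad:
            conflicts[user] = bad
    return conflicts


if __name__ == "__main__":
    for user, opts in sorted(find_override_conflicts(GROUPS).items()):
        for opt, by_group in sorted(opts.items()):
            detail = ", ".join(f"{g}={v}" for g, v in sorted(by_group.items()))
            print(f"CONFLICT user={user} option={opt}: {detail}")
```

Groups that override an option with the same value, or that override nothing, are not reported; only users whose effective setting would depend on which group wins are listed.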

7.5.3 Settings

This page contains the current configuration of the authentication servers on which the appliance relies and allows for
their management. Currently, only local and LDAP / Active Directory are supported, though in future releases additional
types of authentication server might be added, such as RADIUS servers.

There are two tables on this page, one displaying information about Authentication servers, and one showing
Authentication server mappings. In the former, the following information is shown:

▪ Name. The name given to the server.

▪ Type. Whether the server is a local or an external LDAP one.

▪ Service. Which authentication is available for that server.

▪ Actions. For local authentication, it is possible to enable/disable the server, to edit it, or to delete it. For LDAP servers there is also the ability to refresh the connection, for synchronising the users and groups.
