User authentication, Firewall user authentication, Chapter 10 – Kerio Tech Firewall6 User Manual

Page 137: 1 firewall user authentication


Chapter 10

User Authentication

WinRoute allows administrators to monitor connections (packet, connection, Web pages or FTP objects and command filtering) related to each user. The username in each filtering rule represents the IP address of the host(s) from which the user is connected (i.e. all hosts the user is currently connected from). This implies that a user group represents all IP addresses its members are currently connected from.

Besides access restrictions, user authentication can also be used for monitoring users' activities in the Kerio StaR interface (see chapter 21), in logs (see chapter 22), in the list of opened connections (see chapter 19.2) and in the overview of hosts and users (see chapter 19.1). If there is no user connected from a certain host, only the IP address of the host will be displayed in the logs and statistics. In statistics, this host’s traffic will be included in the group of not logged in users.
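A conceptual model of the mapping described above, added here as an example (it is not WinRoute code and not part of the manual): usernames and groups in rules resolve to the IP addresses of current sessions, and traffic from hosts with no logged-in user lands in the "not logged in users" group. All usernames, group names, addresses and function names are constructed for illustration.

```python
# Conceptual model only (not WinRoute code); all names and addresses are constructed.
from collections import Counter

# user -> hosts (IP addresses) the user is currently authenticated from
SESSIONS = {
    "alice": {"192.168.1.10", "192.168.1.77"},
    "bob": {"192.168.1.20"},
    "carol": set(),  # has an account but is not logged in anywhere
}
GROUPS = {"accounting": ["alice", "carol"]}
NOT_LOGGED_IN = "not logged in users"


def resolve(subject):
    """Return the set of source IPs a user or group name stands for right now."""
    members = GROUPS.get(subject, [subject])
    ips = set()
    for user in members:
        ips |= SESSIONS.get(user, set())
    return ips


def rule_matches(subject, src_ip):
    """A rule written for a user or group matches traffic purely by source IP."""
    return src_ip in resolve(subject)


def attribute(src_ip):
    """Map a source IP back to a username, or None if nobody is logged in there."""
    for user, ips in SESSIONS.items():
        if src_ip in ips:
            return user
    return None


def traffic_by_user(records):
    """Sum bytes per user; hosts without a logged-in user share one bucket."""
    totals = Counter()
    for src_ip, nbytes in records:
        totals[attribute(src_ip) or NOT_LOGGED_IN] += nbytes
    return dict(totals)


# Constructed connection records: (source IP, bytes transferred)
RECORDS = [("192.168.1.10", 500), ("192.168.1.77", 200),
           ("192.168.1.20", 50), ("192.168.1.99", 900)]

if __name__ == "__main__":
    print(resolve("accounting"), traffic_by_user(RECORDS))
```

Because a rule only ever sees the source address, it applies to whatever traffic leaves a host while the user's session there is active.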

10.1 Firewall User Authentication

Any user with their own account in WinRoute can authenticate at the firewall (regardless of their access rights). Users can connect:

Manually — by opening the WinRoute web interface in their browser at https://server:4081/ or http://server:4080/ (the name of the server and the port numbers are examples only — see chapter 11). It is also possible to authenticate for viewing of the web statistics (see chapter 21) at https://server:4081/star or http://server:4080/star. The user will also be authenticated at the firewall by this authentication.

Redirection — when accessing any website (unless access to this page is explicitly allowed to unauthenticated users — see chapter 12.2).

Using NTLM — if Internet Explorer or Firefox/SeaMonkey is used and the user is authenticated in a Windows NT domain or Active Directory, the user can be authenticated automatically (the login page will not be displayed). For details, see chapter 25.2.

Automatically — IP addresses of hosts from which they will be authenticated automatically can be associated with individual users. This actually means that whenever traffic coming from the particular host is detected, WinRoute assumes that it is currently used by the particular user, and the user is considered being authenticated
