Policy Based Route & User Authentication
Authentication Component
• Admin Users
• Authentication Type
• Authentication server
• Authentication Rule
• Address Object

Authentication Component - Admin User
Treeview: User Authentication => Local User Database

Authentication Component - Authentication type
• Authentication User
• PPTP User
• L2TP User
• Xauth User
• IKE ID list

Authentication Component - Address Object
Treeview => Objects => Address book => IP4 Address Object

Authentication Component - Address Object
Treeview => User Authentication => Local User Database
Treeview => Objects => Address book => IP4 Address Object

Authentication Component - Address Object
Treeview => User Authentication => Local User Database => User
Treeview => Objects => Address book => IP4 Address Object
Treeview => User Authentication => Local User Database

Example of Authentication Users
• Configuration step
• User Database (local, external)
• IP address object (incl. credential)
• WebUI before Rules
• User Authentication Rule
• IP Rule

Outline
• Policy based route
    • Basic knowledge
    • How to read a routing table
    • DFL’s internal traffic flow
    • Example of Policy Based Route
• User authentication
    • Overview
    • Authentication Component
    • Authentication internal process
    • Example of user authentication
• Hands-on
    • Setting and debugging
• Q&A

Hands-on: PBR and USER AUTH scenario

Topology
• DFL-1600
• WAN1 IP: 1.1.1.1X/24, GW: 1.1.1.2
• www.mailsrv2.com
• WAN2 IP: 3.3.3.1X/24, GW: 3.3.3.2
• LAN1: 192.168.1.1/24
• LAN2: 192.168.2.1/24
• PC1 IP: 192.168.1.100/24, GW: 192.168.1.1
• PC2 IP: 192.168.2.100/24, GW: 192.168.2.1
• HTTP & FTP server IP: 5.5.5.5/24

Objective:
• When PC1 and PC2 access the server, HTTP traffic goes out via WAN1 and FTP traffic goes out via WAN2.
• Only users in the Sales group can download files via HTTP from PC1 and PC2.
• Users who download files via FTP from PC2 have to pass authentication; from PC1 no authentication is needed.

Note: ‘X’ means the number for your group.