User Guide
Page 25
... 44.1.4 What You Can Do in this Chapter 766 44.1.5 What You Need To Know 767 44.2 Active Directory or LDAP Server Summary 769 44.2.1 Adding an Active Directory or LDAP Server 769 44.3 RADIUS Server Summary 771 44.3.1 Adding a RADIUS Server 773 Chapter 45 Authentication Method ...775 45.1 Overview ...775 ZyWALL USG 300 User's Guide 25
User Guide
Page 55
...Lists. Schedule Create one-time and recurring schedules. LDAP-Group Create and manage groups of addresses. ZyWALL USG 300 User's Guide 55 Default Active Directory- LDAP-Default Configure the default LDAP settings. Auth. Legacy Mode Configure legacy mode device HA for ...content filtering policies. Address Group Create and manage groups of LDAP servers. Configure the default Active Directory settings. Chapter 3 Web Configurator Table 7 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION ADP General...
User Guide
Page 338
...can have already configured. The RADIUS fields display if you have the ZyWALL check a user's user name and password against the ZyWALL's local database, a remote LDAP, RADIUS, a Active Directory server, or more than one of the external authentication server in this ...Type Select what the ZyWALL uses to Auth Server. The authentication method can configure the "default" authentication method object, but it's default configuration uses the ZyWALL's local database for how to manually specify a RADIUS server's settings in dotted decimal notation. 338 ZyWALL USG 300 User's Guide
User Guide
Page 558
... one of these. Allowed User The authentication method has the ZyWALL check a user's user name and password against the ZyWALL's local database, a remote LDAP, RADIUS, a Active Directory server, or more than one you use must log into the ZyWALL to the L2TP VPN clients. See Chapter 45 on page 775... received from the remote user. Select a user or user group that it uses) disconnects any traffic from its last-saved settings. 558 ZyWALL USG 300 User's Guide First DNS Server Specify the IP addresses of IP addresses. First WINS Server, Second WINS Server From ISP - Chapter 31 ...
User Guide
Page 674
...change or reform in public policy, public opinion, social practice, or economic activities. It also includes radio stations and magazines. Sites that primarily report information or...other categories. Open Image/Media Search This category includes pages with blogs. 674 ZyWALL USG 300 User's Guide It also includes pages that sponsor or provide information on computers,...information. Health This category includes pages that support searching the Internet, indices, and directories. Search Engines/Portals This category includes pages that provide advice and information on ...
User Guide
Page 765
... ext-group-user user objects and authentication method objects (see Chapter 45 on page 775). 44.1.1 Directory Service (AD/LDAP) LDAP/AD allows a client (the ZyWALL) to connect to a server to your network. ZyWALL USG 300 User's Guide 765 Use the AAA Server screens to the LDAP/AD server. 3 When the binding... access is shown next. A network example is blocked. You use a AAA (Authentication, Authorization, Accounting) server to provide access control to retrieve information from a directory. CHAPTER 44 AAA Server 44.1 Overview You can be a Active Directory, LDAP, or RADIUS server.
User Guide
Page 766
...database that is a RADIUS server that works with the One-Time Password (OTP) feature. Purchase a ZyWALL OTP package in order to configure Active Directory or LDAP server objects. 766 ZyWALL USG 300 User's Guide Do the following to use this Chapter • Use the Configuration > Object > ...AAA Server > Active Directory (or LDAP) screens (Section 44.2 on page 769) to use OTP. In essence, RADIUS ...
User Guide
Page 767
...Directory Service (LDAP/AD) LDAP (Lightweight Directory Access Protocol)/AD (Active Directory) is a directory service that is a popular protocol used to authenticate users by the ZyWALL The following lists the types of authentication server the ZyWALL supports. • Local user database The ZyWALL...authenticate administrative users logging into the ZyWALL's Web Configurator or network access users logging into the network through the ZyWALL. Normally, the directory structure reflects the geographical or ZyWALL USG 300 User's Guide 767 The directory consists of a database specialized ...
User Guide
Page 769
... want to remove it and click Remove. For example, o=ZyXEL, c=US. 44.2.1 Adding an Active Directory or LDAP Server Click Object > AAA Server > Active Directory (or LDAP) to display the ZyWALL USG 300 User's Guide 769 See Section 13.3.2 on groups. 44.2 Active Directory or LDAP Server Summary Use the Active Directory or LDAP screen to use the entry. Figure 509 Configuration...
User Guide
Page 770
Description Enter the description of the AD or LDAP server. Table 214 Configuration > Object > AAA Server > Active Directory (or LDAP) > Add LABEL DESCRIPTION Name Enter a descriptive name (up to 63 alphanumerical characters) for identification purposes. Backup ...or edit an existing one. Chapter 44 AAA Server following table describes the labels in this screen to which the ZyWALL sends authentication requests. Use this group. 770 ZyWALL USG 300 User's Guide Figure 510 Configuration > Object > AAA Server > Active Directory (or LDAP) > Add The following screen.
User Guide
Page 771
...". For example, o=ZyXEL, c=US. For example, o=ZyXEL, c=US. For example "name" or "e-mail address". Then you could also create a ext-group-user user object for this case, user authentication fails. Click OK to the AD or LDAP server(s). ZyWALL USG 300 User's Guide 771 Enter...Specify the timeout period (between 1 and 300 seconds) before the ZyWALL disconnects from the server specified above to test if the configuration is called a group identifier; Chapter 44 AAA Server Table 214 Configuration > Object > AAA Server > Active Directory (or LDAP) > Add LABEL DESCRIPTION...
User Guide
Page 969
... update from version to update the IDP signature file failed because the device could not decompress the signature file. Create IDP debug directory failed The IDP system-protect function had an error. System internal error. System-protect error. System-protect error. An attempt to...statistics entry failed. Create IDP statistics entry failed. There was an internal system error. Creation of the IDP debug directory failed. IDP activation unchanged. The device did not have enough available memory. IDP activation failed. ZyWALL USG 300 User's Guide 969
User Guide
Page 1123
...and users 732 directory service 765 LDAP 765, 767 local user database 767 object, where used 112 RADIUS 766, 767, 771 RADIUS group 773 see also RADIUS access 47 access control attacks 613 Access Point Name, see APN access point, See AP 326 ZyWALL USG 300 User's Guide... Index Index access users 732, 733 custom page 846 forcing login 450 idle timeout 741 logging in 450 multiple logins 742 see also users 732 Web Configurator 744 access users, see also force user authentication policies account myZyXEL.com 285 user 731 accounting server 765 Active Directory, see AD active...
User Guide
Page 1125
... ports 560 prerequisites 109 priority 565 priority effect 564 protocol statistics 261, 262 registration status 570 service ports 560 statistics 259 trial service activation 286 troubleshooting 921, 927, 931 troubleshooting signatures update 920 unidentified applications 578 updating signatures 291 vs firewall 457, 460 applications 41 AppPatrol,...non-RFC-HTTP-delimiter 654 obsolete-options 655 oversize-chunk-encoding 654 oversize-len 655 oversize-offset 655 oversize-request-uri-directory 654 P2P 612 pattern-based 40 scan 613 self-directory-traversal attack 654 ZyWALL USG 300 User's Guide 1125
User Guide
Page 1129
... device access troubleshooting 919 device HA 709 active-passive mode 709, 712 cluster ID 712, 932 configuration overview 111 copying configuration 710 device role 715 HA status 712 legacy mode 709, 719 link monitoring 719 management access 710 management IP address 710 modes 709 ZyWALL USG 300 User's Guide Index monitored interfaces 713, 717... Point (DSCP) 619 Diffie-Hellman key group 505 DiffServ 391 Digital Signature Algorithm public-key algorithm, see DSA direct routes 383 direct-connected subnets 99 directory 765 directory service 765 1129
User Guide
Page 1130
Index file structure 767 directory traversal attack 653 directory traversals 653 disclaimer 5, 1119 Distinguished Name (DN) ... 693 headers 692 virus 599 e-Mule 612 Encapsulating Security Payload, see ESP encapsulation and active protocol 511 IPSec 483 transport mode 510 tunnel mode 510 VPN 510 encryption 1054 and ...active protocol 505 DES 505 encryption method 805 end of Service) attacks 612 double-encoding attack 654 DPD 498 DSA 788 DSCP 384, 386, 574 DTR 870 Dynamic Domain Name System, see DDNS Dynamic Host Configuration Protocol, see also end-point security 821 ESP 483, 510 ZyWALL USG 300...
User Guide
Page 1148
... 297 virtual 362 VoIP pass through 442 and firewall 438 and NAT 438 and policy routes 437, 438 see also ALG 436 VPN 475 active protocol 510 and NAT 508 and the firewall 460 basic troubleshooting 927 hub-and-spoke, see VPN concentrator IKE SA, see IKE SA IPSec...create 810 weblink 808 webroot-directory-traversal attack 655 weighted round robin (for load balancing) 372 white list (anti-spam) 691, 697, 699, 701 Wi-Fi Protected Access 1054 Windows Internet Naming Service, see WINS Windows Internet Naming Service, see WINS. Windows Remote Desktop 808 ZyWALL USG 300 User's Guide Windows Internet ...