User manual D-LINK DFL-700 SECURIGATE

[. . . ] D-Link DFL-700 TM Network Security Firewall Manual Building Networks for People (20031225) Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Features and Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Introduction to Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Introduction to Local Area Networking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [. . . ] The password can contain numbers (0-9) and upper and lower case letters (A-Z, a-z). Special characters and spaces are not allowed. Delete Administrative User To delete a user click on the user name and you will see the following screen. Follow these steps to delete an Administrative User. Enable the Delete user checkbox. Click the Apply button below to apply the setting or click Cancel to discard changes. Note: Deleting a user is irreversible; once the user is deleted, it cannot be undeleted. 36 Users User Authentication allows an administrator to grant or reject access to specific users from specific IP addresses, based on their user credentials. Before any traffic is allowed to pass through any policies configured with username or groups, the user must first authenticate him/her-self. The DFL-700 can either verify the user against a local database or passes along the user information to an external authentication server, which verifies the user and the given password, and transmits the result back to the firewall. If the authentication is successful, the DFL. 700 will remember the source IP address of this user, and any matching policies with usernames or groups configured will be allowed. Specific policies that deal with user authentication can be defined, thus leaving policies that not require user authentication unaffected. The DFL-700 supports the RADIUS (Remote Authentication Dial In User Service) authentication protocol. This protocol is heavily used in many scenarios where user authentication is required, either by itself or as a front-end to other authentication services. The DFL-700 RADIUS Support The DFL-700 can use RADIUS to verify users against for example Active Directory or Unix password-file. It is possible to configure up to two servers, if the first one is down it will try the second IP instead. The DFL-700 can use CHAP or PAP when communicating with the RADIUS server. CHAP (Challenge Handshake Authentication Protocol) does not allow a remote attacker to extract the user password from an intercepted RADIUS packet. However, the password must be stored in plaintext on the RADIUS server. PAP (Password Authentication Protocol) might be defined as the less secure of the two. If a RADIUS packet is intercepted while being transmitted between the firewall and the RADIUS server, the user password can be extracted, given time. The upside to this is that the password does not have to be stored in plaintext in the RADIUS server. The shared secret enables basic encryption of the user password when the RADIUS-packet is transmitted from the firewall to the RADIUS server. The shared secret is case sensitive, can contain up to 100 characters, and must be typed exactly the same on both the firewall and the RADIUS server. Enable User Authentication via HTTP / HTTPS Follow these Authentication. Specify the idle-timeout, the time a user can be idle before being logged out by the firewall. Choose new ports for the management WebUI to listen on as the user authentication will use the same ports as the management WebUI is using. . Click the Apply button below to apply the setting or click Cancel to discard changes. Enable RADIUS Support Follow these steps to enable RADIUS support. Specify the shared secret for this connection. Click the Apply button below to apply the setting or click Cancel to discard changes. 38 Add User Follow these steps to add a new user. [. . . ] Zum Netzanschluß dieses Gerätes ist eine geprüfte Leitung zu verwenden, Für einen Nennstrom bis 78 6A und einem Gerätegewicht gr ßer 3kg ist eine Leitung nicht leichter als H05VV-F, 3G, 0. 75mm2 einzusetzen. D-Link is a registered trademark of D-Link Corporation/D-Link Systems, Inc. Copyright Statement No part of this publication may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems Inc. , as stipulated by the United States Copyright Act of 1976. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures Warnung! [. . . ]