beautypg.com

User authentication, Firewall user authentication, Chapter 10 – Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Page 137: 1 firewall user authentication

background image

137

Chapter 10

User Authentication

WinRoute allows administrators to monitor connections (packet, connection, Web pages or

FTP objects and command filtering) related to each user. The username in each filtering rule

represents the IP address of the host(s) from which the user is connected (i.e. all hosts the

user is currently connected from). This implies that a user group represents all IP addresses

its members are currently connected from.

Besides access restrictions, user authentication can be used also for monitoring of their activ-

ities in the Kerio StaR interface (see chapter

21

), in logs (see chapter

22

), in the list of opened

connections (see chapter

19.2

) and in the overview of hosts and users (see chapter

19.1

). If

there is no user connected from a certain host, only the IP address of the host will be displayed

in the logs and statistics. In statistics, this host’s traffic will be included in the group of not

logged in users.

10.1 Firewall User Authentication

Any user with their own account in WinRoute can authenticate at the firewall (regardless their

access rights). Users can connect:

Manually — by opening the WinRoute web interface in their browser

https://server:4081/

or http://server:4080/

(the name of the server and the port numbers are examples only — see chapter

11

).

It is also possible to authenticate for viewing of the web statistics (see chapter

21

) at

https://server:4081/star

or http://server:4080/star

Note: Login to the Web Administration interface at

https://server:4081/admin

or http://server:4080/admin

is not equal to user authentication at the firewall (i.e. the user does not get authenti-

cated at the firewall by the login)!

Automatically — IP addresses of hosts from which they will be authenticated auto-

matically can be associated with individual users. This actually means that whenever

traffic coming from the particular host is detected, WinRoute assumes that it is cur-

rently used by the particular user , and the user is considered being authenticated

from the IP address. However, users may authenticate from other hosts (using the

methods described above).

IP addresses for automatic authentication can be set during definition of user account

(see chapter

15.1

).

This authentication method is not recommended for cases where hosts are used by

multiple users (user’s identity might be misused easily).