User's Manual
Table Of Contents
- ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
- Contents
- About This Manual
- Chapter 1 Introduction
- Chapter 2 Using the Setup Wizard to Provision the STM in Your Network
- Choosing a Deployment Scenario
- Understanding the Steps for Initial Connection
- Logging In to the STM
- Using the Setup Wizard to Perform the Initial Configuration
- Setup Wizard Step 1 of 10: Introduction
- Setup Wizard Step 2 of 11: Networking Settings
- Setup Wizard Step 3 of 11: Time Zone
- Setup Wizard Step 4 of 11: Email Security
- Setup Wizard Step 5 of 11: Web Security
- Setup Wizard Step 6 of 11: Email Notification Server Settings
- Setup Wizard Step 7 of 11: Update Settings
- Setup Wizard Step 8 of 11: HTTP Proxy Settings
- Setup Wizard Step 9 of 11: Web Categories
- Setup Wizard Step 10 of 11: Configuration Summary
- Setup Wizard Step 11 of 11: Restarting the System
- Verifying Proper Installation
- Registering the STM with NETGEAR
- What to Do Next
- Chapter 3 Performing Network and System Management
- Configuring Network Settings
- Configuring Session Limits and Timeouts
- Configuring the HTTP Proxy Settings
- About Users with Administrative and Guest Privileges
- Configuring Remote Management Access
- Using an SNMP Manager
- Managing the Configuration File
- Updating the Software
- Configuring Date and Time Service
- Managing Digital Certificates
- Managing the Quarantine Settings
- Performance Management
- Chapter 4 Content Filtering and Optimizing Scans
- About Content Filtering and Scans
- Configuring E-mail Protection
- Configuring Web and Services Protection
- Configuring Application Control
- Setting Scanning Exclusions and Web Access Exceptions
- Chapter 5 Managing Users, Groups, and Authentication
- About Users, Groups, and Domains
- Configuring Groups
- Configuring User Accounts
- Configuring Authentication
- Global User Settings
- Viewing and Logging Out Active Users
- Chapter 6 Monitoring System Access and Performance
- Chapter 7 Troubleshooting and Using Online Support
- Appendix A Default Settings and Technical Specifications
- Appendix B Related Documents
- Index
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
5-2 Managing Users, Groups, and Authentication
v1.0, September 2009
• Authenticated users. User who have a computer behind the STM, who log in to the STM
with a user name and password, and who are assigned an access policies that normally differs
from the STM’s default e-mail and Web access policies. Different users or user groups can
have different access policies, so there can be multiple access policies on the STM.
In addition to being authenticated as individual users, users can be authenticated on the STM
according to group membership or IP address:
– Group membership. A group is defined in the STM’s local database, an LDAP database,
or a RADIUS database. If you use a RADIUS database for authentication, a group can also
be defined in a VLAN.
– IP address. A group is defined by its IP address and subnet.
The login window that is presented to this type of users is the User Portal Login screen (see
Figure 5-7 on page 5-10), which requires three items: a user name, a password, and a domain
selection. The domain determines the authentication method that must be used—LDAP,
Active Directory, RADIUS, or the STM’s local database.
Configuring Groups
The use of groups simplifies the application of exception policies that allow different sets of users
to have different Internet access restrictions. Rather than applying the same exception to each user,
it is easier to apply a single exception to the entire group. For information about exception policies,
see “Setting Web Access Exception Rules” on page 4-48.
You can define groups either by name or by IP address and subnet:
• Groups defined by name. These are local groups on the STM to which you can add users
from the STM’s local user database. Local groups are automatically assigned to the STM’s
prosecuredomain default domain.
• Groups defined by IP address and subnet. These are groups that can be on your local
network or on a remote device.
Note: For detailed information about authentication, see “Configuring
Authentication” on page 5-9.
Note: For information about groups that are defined by VLANs, see “Creating and
Deleting VLANs for Use with RADIUS Domains” on page 5-23.