Manualshelf

Quick Reference Guide

ManualsBrandsNetgear ManualsWirelessNetgear STM300
141142143144145146147148149150
148 | Chapter 5. Managing Users, Groups, and Authentication
ProSecure Web/Email Security Threat Management (STM) Appliance
The STM supports both unauthenticated and authenticated users:
Unauthenticated users. Anonymous users who do not log in to the STM and to which
the STM’s default email and Web access policies apply.
Authenticated users. Users who have a computer behind the STM, who log in to the
STM with a user name and password, and who are assigned an access policy that
normally differs from the STM’s default email and Web access policies. Different users or
user groups can have different access policies, so there can be multiple access policies
on the STM.
In addition to being authenticated as individual users, users can be authenticated on the
STM according to group membership or IP address:
- Group membership. A group is defined in the STM’s local database, an LDAP
database, or a RADIUS database. If you use a RADIUS database for authentication, a
group can also be defined in a VLAN.
- IP address. A group is defined by its IP address and subnet.
Note: For detailed information about authentication, see Configuring
Authentication on page 154.
The login window that is presented to this type of users is the User Portal Login screen
(see Figure 88 on page 156), which requires three items: a user name, a password, and a
domain selection. The domain determines the authentication method that needs to be
used—LDAP, Active Directory, RADIUS, or the STM’s local database.
Configuring Groups
The use of groups simplifies the application of exception policies that allow different sets of
users to have different Internet access restrictions. Rather than applying the same exception
to each user, it is easier to apply a single exception to the entire group. For information about
exception policies, see Setting Access Exception Rules for Web Access on page 132.
Note: For information about custom groups that allow you to set access
exceptions for a combination of local groups and local users, groups
and users that are defined by their IP address, LDAP groups and
users, and RADIUS groups and users, see Creating Custom Groups
for Web Access Exceptions on page 139.