By default, Deep Edge only allows traffic that is explicitly allowed by policy rules. Users from specified IP addresses are identified using User Identification and authentication methods. Other policies are enforced by source and destination IP address, profiles, service, schedule, and/or application type.
A UserID Agent is a Deep Edge application installed on the network to obtain needed mapping information between IP addresses and network users. The UserID Agent collects user-to-IP address mapping information automatically and provides it to the firewall for use in security policies and logging.
Configure specific IP addresses or IP address ranges to use specific authentication approaches:
- For transparent authentication, Deep Edge periodically retrieves the login log information from the Domain Controller, which makes it possible to map a user to an IP address. If this fails, Deep Edge connects directly to the client machine (the one trying to access a location outside the network) to query for the currently logged-in user. (This requires that the LDAP settings account has the appropriate privileges.)
- For captive portal, if an IP address is not yet authenticated and the current request is an HTTP request, the user is directed to a web page to provide domain account login information.
For user/group information, Deep Edge periodically synchronizes the overall LDAP user tree to a local cache. Subsequent user-group relationship queries are resolved locally.
Note: User identification mapping requires that the firewall obtain the source IP address of the user before the IP address is translated with NAT. If multiple users appear to have the same source address, due to NAT or use of a proxy device, accurate user identification is not possible.
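
The limitation in the note above can be checked against login data before user-based policies are relied on. The following is an added example, not Deep Edge code: a small Python model that builds a user-to-IP mapping from login events, flags source addresses that several users share (as happens behind NAT or a proxy), and applies the lookup order described above. The event tuples, the 15-minute window, the function names, and the choice to treat shared addresses as unidentified are all assumptions; the client-machine query step is left out because it needs network access.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (user, source IP, time); not real log data.
EVENTS = [
    ("alice", "10.0.1.15", "2024-05-01T09:00:00"),
    ("bob",   "10.0.1.22", "2024-05-01T09:01:00"),
    ("carol", "10.0.9.1",  "2024-05-01T09:02:00"),
    ("dave",  "10.0.9.1",  "2024-05-01T09:03:30"),
    ("erin",  "10.0.9.1",  "2024-05-01T09:04:10"),
    ("alice", "10.0.1.15", "2024-05-01T09:30:00"),
    ("frank", "10.0.1.22", "2024-05-01T17:00:00"),
]

def build_mapping(events, window=timedelta(minutes=15)):
    """Return (ip -> most recent user, set of IPs shared by several users)."""
    by_ip = defaultdict(list)
    for user, ip, ts in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user))
    mapping, ambiguous = {}, set()
    for ip, logins in by_ip.items():
        logins.sort()
        mapping[ip] = logins[-1][1]
        # Different users on one IP close together in time suggest a shared
        # address (NAT, proxy); logins hours apart are treated as a handover.
        for (t1, u1), (t2, u2) in zip(logins, logins[1:]):
            if u1 != u2 and t2 - t1 <= window:
                ambiguous.add(ip)
    return mapping, ambiguous

def resolve(ip, mapping, ambiguous, is_http):
    """Model the lookup order: mapped user first, captive portal for HTTP."""
    if ip in ambiguous:
        # Assumption of this model: do not trust any per-user mapping here.
        return ("unidentified", None)
    if ip in mapping:
        return ("transparent", mapping[ip])
    if is_http:
        return ("captive_portal", None)
    return ("unidentified", None)

if __name__ == "__main__":
    mapping, ambiguous = build_mapping(EVENTS)
    for ip in ("10.0.1.15", "10.0.9.1", "10.0.7.7"):
        print(ip, resolve(ip, mapping, ambiguous, is_http=True))
```

Addresses that land in the ambiguous set are candidates for policies based on IP address rather than on user identity.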
The list of UserID policies uses the entries.
The custom captive portal sign-in can be accessed from the page. If the UserID Agent is unable to associate a user with an IP address, a captive portal can take over and authenticate the user. For more information, see About Captive Portal.