Manualshelf

- Kerio WinRoute Firewall Administrator's Guide

ManualsBrandsKerio Tech ManualsNetwork RouterFirewall6
191192193194195196197198199200
13.3 Local user database: external authentication and import of accounts
195
If a user works at a reserved workstation (i.e. this computer is not by any other user)
with a fixed IP address (static or reserved at the DHCP server), the user can use automatic
login from the particular IP address. This implies that whenever a connection attempt
from this IP address is detected, WinRoute assumes that the connection is performed
by the particular user and it does not require authentication. The user is logged-in
automatically and all functions are available as if connected against the username and
password.
This implies that only one user can be automatically authenticated from a particular IP
address. When a user account is being created, WinRoute automatically detects whether
the specified IP address is used for automatic login or not.
Automatic login can be set for the firewall (i.e. for the WinRoute host) or/and for any
other host(s) (i.e. when the user connects also from an additional workstation, such as
notebooks, etc.). An IP address group can be used for specification of multiple hosts
(refer to chapter 12.1).
Warning: Automatic login decreases user’s security. If an unauthorized user works
on the computer for which automatic login is enabled, he/she uses the identity of the
host’s user who is authenticated automatically. Therefore, automatic login should be
accompanied by another security feature, such as by user login to the operating system.
IP address which will be always assigned to the VPN client of the particular user can be
specified under VPN client address. Using this method, a fixed IP address can be assigned
to a user when he/she connects to the local network via the Kerio VPN Client. It is pos-
sible to add this IP to the list of IP addresses from which the user will be authenticated
automatically.
For detailed information on the Kerio Technologies’ proprietary VPN solution, refer to
chapter 21.
Editing User Account
The Edit button opens a dialog window where you can edit the parameters of the user
account. This dialog window contains all of the components of the account creation
guide described above, divided into tabs in one window.
13.3 Local user database: external authentication and import of ac-
counts
User in the local database can be authenticated either at the Active Directory domain or
at the Windows NT domain (see chapter 13.2, step one). To enable these authentication
methods, corresponding domains must be set in the Local User Database section on the
Authentication Options tab.