TMS zl Management and Configuration Guide ST.1.1.100226
4-55
Firewall
User Authentication
2. Create a group-specific, rate-limiting access policy that allows HTTPS
traffic from the zone in which you will require authentication.
See “Configure the Access Policy to Permit Log in Traffic” on page 4-56.
3. Configure authentication, either:
• Configure authentication to the local database.
See “Configure Authentication to the Local Database” on page 4-60.
• Configure authentication to an external RADIUS server.
See “Configure Authentication to an External RADIUS Server” on
page 4-62.
4. Set up firewall access policies for each user group.
See “Create Firewall Access Policies” on page 4-29. Make sure to select
the correct user group from the User Group list before you create the access
policies to control each set of users.
Caution: The user group access policies do not have an implicit deny at the end. Instead,
a packet that does not match one of the user group policies is matched against
the global (user group None) policies. Then, if none of those policies select
the traffic, the global implicit deny takes effect and the packet is dropped.
Therefore, you should carefully check the global access policies to ensure that
they do not allow your users inappropriate access rights.
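The evaluation order described in the Caution can be modeled to audit which flows a user group gains only through the global policies. This is an added example, not code from this guide or from the module: the policy fields, the zone and group names, and first-match ordering within each policy set are simplifying assumptions, and the sample policies are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    group: Optional[str]  # None models the global (user group None) policies
    src_zone: str
    dst_zone: str
    service: str          # "any" matches every service (assumed wildcard)
    action: str           # "permit" or "deny"

    def matches(self, src, dst, service):
        return (self.src_zone == src and self.dst_zone == dst
                and self.service in ("any", service))

def evaluate(policies, user_group, src, dst, service):
    """Return (action, decided_by) using the order given in the Caution:
    user group policies, then global policies, then the global implicit deny."""
    tiers = [(None, "global")]
    if user_group is not None:
        tiers.insert(0, (user_group, "group"))
    for group, label in tiers:
        for p in policies:  # list order stands in for policy position
            if p.group == group and p.matches(src, dst, service):
                return p.action, label
    return "deny", "implicit-deny"

def global_fallthrough(policies, user_group, flows):
    """Flows permitted for the group only because a global policy selected them."""
    return [f for f in flows
            if evaluate(policies, user_group, *f) == ("permit", "global")]

# Constructed sample policy set; names are hypothetical.
POLICIES = [
    Policy("Guests", "users", "internet", "https", "permit"),
    Policy(None, "users", "module", "https", "permit"),  # login traffic
    Policy(None, "users", "servers", "any", "permit"),   # broad global rule
]
FLOWS = [
    ("users", "internet", "https"),
    ("users", "servers", "ssh"),
    ("users", "internet", "ftp"),
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, evaluate(POLICIES, "Guests", *flow))
    print("Granted by global policies:", global_fallthrough(POLICIES, "Guests", FLOWS))
```

Any flow that `global_fallthrough` reports is access the group receives without a group policy granting it, which is the case the Caution asks you to review.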
Educating Users
After you complete these tasks, you should explain to users how to authenticate
to the TMS zl Module. When users first connect to the network, they must
direct their endpoint’s Web browser to one of the module’s IP addresses, using
the correct protocol (HTTP or HTTPS). They will see the TMS zl Module login
page, in which they submit their credentials. If their credentials are
accepted, they can then access the network resources and services to which
they have rights.
Configure Web Login Page and Web Settings
To configure the Web login page and Web settings, complete the following
steps:
1. Click System > Settings > General.