User Management
601
SonicOS Enhanced 4.0 Administrator Guide
Figure 52:2 Local Groups Authentication Flow Diagram
To apply Content Filtering Service (CFS) policies to users, the users must be members of local
groups and the CFS policies are then applied to the groups. To use CFS, you cannot use LDAP
or RADIUS without combining that method with local authentication. When using the combined
authentication method in order to use CFS policies, the local group names must be an exact
match with the LDAP or RADIUS group names. When using the LDAP + Local Users
authentication method, you can import the groups from the LDAP server into the local database
on the SonicWALL. This greatly simplifies the creation of matching groups, to which CFS
policies can then be applied.
The SonicOS user interface provides a way to create local user and group accounts. You can
add users and edit the configuration for any user, including settings for the following:
• Group membership - Users can belong to one or more local groups. By default, all users
belong to the groups Everyone and Trusted Users. You can remove these group
memberships for a user, and can add memberships in other groups.
• VPN access - You can configure the networks that are accessible to a VPN client started
by this user. When configuring VPN access settings, you can select from a list of networks.
The networks are designated by their Address Group or Address Object names.
You can also add or edit local groups. The configurable settings for groups include the
following:
• Group members - Groups have members that can be local users or other local groups.
• VPN access - VPN access for groups is configured in the same way as VPN access for
users. You can configure the networks that are accessible to a VPN client started by a
member of this group. When configuring VPN access settings, you can select from a list of
networks. The networks are designated by their Address Group or Address Object
names.
• CFS policy - You can apply a content filtering (CFS) policy to group members. The CFS
policy setting is only available if the SonicWALL is currently licensed for Premium Content
Filtering Service.
,QWHUQHW
02/
5SER
7ORKSTATION
5SERATTEMPTSTOACCESSTHEWEB
3.7,REQUIRESAUTHENTICATIONOFTHE5SER
REDIRECTSWORKSTATIONTOAUTHENTICATE
5SERAUTHENTICATESWITHCREDENTIALS
3.7,,OCAL$ATABASEAUTHORIZESORDENIESACCESSBASEDON5SERPRIVILEGES