Scenario 2: Creating Guest Accounts Using the Local Users List
An administrator can also create a list of local users on the Firebox SSL VPN Gateway and configure the
Firebox SSL VPN Gateway to provide authentication and authorization services for these users. This list
of local users is maintained in a database on the Firebox SSL VPN Gateway and not in an external
directory.
Local users are especially useful if the administrator wants to do any of the following:
• Grant access to users who are not listed in any corporate directory
• Grant access to users who are listed in a corporate directory to which the Firebox SSL VPN
Gateway does not connect
• Provide a small number of users with a special level of access to the internal network resources
without creating a new group in the corporate directory for these users
This example assumes the following:
• Silvio Branco and Lisa Marth are consultants who do not work for the corporation and are not
listed in the corporate directory
• Silvio Branco and Lisa Marth must have remote access to the Web conference server on the
internal network to participate in conferences with the Sales and Engineering users who are
employed by the corporation
• The administrator has already completed the LDAP authentication with LDAP authorization
example scenario earlier in this chapter to provide Sales and Engineering users
with access to the Web conference server
• The Web conference server IP address is 10.10.50.60
Note
In this example, Silvio Branco and Lisa Marth are referred to as guest users because they are not
employed by the corporation and are not listed in the corporate directory.
To provide Silvio Branco and Lisa Marth with access to the Web conference server, the administrator
performs these three procedures:
• Creates a guest user authentication realm
• Creates local users
• Creates and assigns a network resource to the Default user group on the Firebox SSL VPN
Gateway
Creating a Guest User Authentication Realm
Creating a guest user authentication realm is the first of three procedures the administrator performs in
the scenario for creating guest accounts using the Local Users list.
In the previous scenario for configuring LDAP authentication and authorization, the administrator
created a Default authentication realm to support authentication and authorization of the users listed in a
corporate LDAP directory.
Because Silvio Branco and Lisa Marth are not listed in the corporate LDAP directory, the administrator
creates a separate authentication realm for them that supports the following:
• Local Authentication. This option in an authentication realm ensures that users are authenticated
against a Local Users list on the Firebox SSL VPN Gateway, and not an external directory.
• No Authorization. This option in an authentication realm ensures that users of this realm are
provided with the access levels associated with the Default user group on the Firebox SSL VPN
Gateway.