Use Authorized Users and Groups in Policies

You can use specified user and group names when you create policies in Policy Manager. For example, you can define all policies to only allow connections for authenticated users. Or, you can limit connections on a policy to particular users.

The term authorized users and groups refers to users and groups that are allowed to access network resources.

Define Users and Groups for Firebox Authentication 

If you use your Firebox or XTM device as an authentication server and want to define users and groups that authenticate to the Firebox or XTM device, see Define a New User for Firebox Authentication and Define a New Group for Firebox Authentication.

Define Users and Groups for Third-Party Authentication

You can use Policy Manager to define the users and groups to use for third-party authentication.

  1. Create a group on your third-party authentication server that contains all the user accounts on your system.
  2. Select Setup > Authentication > Authorized Users/Groups.
    The Authorized Users and Groups dialog box appears.

    screenshot of Authorized Users and Groups dialog box

  3. Click Add.
    The Define New Authorized User or Group dialog box appears.

    screenshot of Define new Authorized User or Group dialog box

  4. Type a user or group name you created on the authentication server.
  5. (Optional) Type a description for the user or group.
  6. Select Group or User.
  7. From the Auth Server drop-down list, select your authentication server type.

    Select RADIUS for authentication through a RADIUS or VACMAN Middleware server, or Any for authentication through any other server.

  8. Click OK.

Add Users and Groups to Policy Definitions 

Any user or group that you want to use in your policy definitions must be added as an authorized user. All users and groups you create for Firebox authentication and all Mobile VPN users are automatically added to the list of authorized users and groups on the Authorized Users and Groups dialog box. You can add any users or groups from third-party authentication servers to the authorized user and group list with the previous procedure. You are then ready to add users and groups to your policy configuration.

  1. From Policy Manager, select the Firewall tab.
  2. Double-click a policy.
    The Edit Policy Properties dialog box appears.
  3. On the Policy tab, below the From box, click Add.
    The Add Address dialog box appears.
  4. Click Add User.
    The Add Authorized Users or Groups dialog box appears.

    screenshot of Add Authorized Users or Groups dialog box

  5. From the left Type drop-down list, select whether the user or group is authorized as a Firewall, PPTP, or SSL VPN user.

    For more information on these authentication types, see Types of Firebox Authentication.

  6. From the right Type drop-down list, select either User or Group.
  7. If your user or group appears in the Groups list, select the user or group and click Select.
    The Add Address dialog box reappears with the user or group in the Selected Members or Addresses box.

    Click OK to close the Edit Policy Properties dialog box.

  8. If your user or group does not appear in the list in the Add Authorized Users or Groups dialog box, see Define a New User for Firebox Authentication, Define a New Group for Firebox Authentication, or the previous Define Users and Groups for Third-Party Authentication procedure.

After you add a user or group to a policy configuration, WatchGuard System Manager automatically adds a WatchGuard Authentication policy to your Firebox or XTM device configuration. Use this policy to control access to the authentication portal web page.

For instructions to edit this policy, see Use Authentication to Restrict Incoming Traffic.

See Also

About Using Third-Party Authentication Servers

Set Access Rules for a Policy