Инструкция для ZYXEL ZyWALL OTPv2

(скачивание инструкции бесплатно)

Формат файла: PDF

Доступность: Бесплатно как и все руководства на сайте. Без регистрации и SMS.

Дополнительно: Чтение инструкции онлайн

Chapter 4: Basic Administration Tasks
Configuring alternative group policies

Configuring
alternative group
policies

SafeWord 2008’s default configuration should suit the majority of network
topologies and use cases. The SafeWord Agent is responsible for checking
group membership and submitting authentication requests to the
Authentication Engine (see Figure 29).

Figure 29:

Typical

network setup

Occasionally, the default configuration may not fit a particular network topology
or management policies. If computers in a network DMZ do not have
anonymous access to Active Directory, the SafeWord Agent is unable to
contact Active Directory and read group membership information in order to
determine which users require SafeWord 2008 authentication. You can
configure SafeWord 2008 to handle such a scenario (see Figure 30).

Figure 30:

Alternative

network topology

In this configuration, group membership checking is done by the SafeWord
server (rather than the agent). Since the server will typically be running inside
the trusted network, it should have no difficulty obtaining the necessary
information from Active Directory.

DMZ

SafeWord

Agent

AAA

Group checking

Inside

SafeWord

Server

Authentication

Typical

DMZ

SafeWord