Filter
Top Products
121
Chapter 8
User Authentication
WinRoute allows administrators to monitor connections (packet, connection, Web pages
or FTP objects and command filtering) related to each user. The username in each filter-
ing rule represents the IP address of the host(s) from which the user is connected (i.e. all
hosts the user is currently connected from). This implies that a user group represents
all IP addresses its members are currently connected from.
In addition to authentication based access limitations, user login can be used to effec-
tively monitor activity using logs (see chapter 2020)), and status (see chapter 17.2) and
hosts and users (see chapter 17.1). If there is no user connected from a certain host,
only the IP address of the host will be displayed in the logs and statistics.
8.1 Firewall User Authentication
Any user with their own account in WinRoute can authenticate at the firewall (regardless
their access rights). Users can connect:
• Manually — by opening the WinRoute web interface in their browser
https://server:4081/ or http://server:4080/
(the name of the server and the port numbers are examples only — see chapter 9).
It is also possible to authenticate for viewing of the web statistics (see chapter 19) at
https://server:4081/star or http://server:4080/star
The user will be also authenticated at the firewall within this authentication.
• Redirection — when accessing any website (unless access to this page is explicitly
allowed to unauthenticated users — see chapter 10.2).
• Using NTLM — if Microsoft Internet Explorer or Firefox/Netscape/Mozilla/SeaMonkey
is used and the user is authenticated in a Windows NT domain or Active Directory,
the user can be authenticated automatically (the login page will not be displayed). For
details, see chapter 23.3.
• Automatically — IP addresses of hosts from which they will be authenticated auto-
matically can be associated with individual users. This actually means that whenever