Kerio Tech Firewall6 Network Router User Manual


 
23.5 User accounts and groups in traffic rules
Such a rule enables the specified users to connect to the Internet (if authenticated).
However, these users must open the WinRoute interface’s login page manually and
authenticate (for details, see chapter 8.1).
With such a rule defined, however, all methods of automatic authentication will be
ineffective (i.e. redirection to the login page, NTLM authentication, and automatic
authentication from defined hosts). The reason is that automatic authentication (or
redirection to the login page) is not invoked unless a connection to the Internet is being
established (this is for license counting reasons, see chapter 4.6), and this NAT rule
blocks any connection unless the user is authenticated.
Enabling automatic authentication
The automatic user authentication issue can be solved easily as follows:
Add a rule allowing unlimited access to the HTTP service before the NAT rule.
Figure 23.9 These traffic rules enable automatic redirection to the login page
In URL rules (see chapter 10.2), allow specific users to access any Web site and deny
any access to other users.
Figure 23.10 These URL rules enable specified users to access any Web site
A user who is not yet authenticated and attempts to open a Web site will be automatically
redirected to the authentication page (or authenticated by NTLM, or logged in from the
corresponding host). After successful authentication, users specified in the NAT rule
(see figure 23.9) will also be allowed to access other Internet services. Unauthenticated
users, as well as users not specified in the rules, will not be allowed to access any Web
site and/or other Internet services.
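The rule ordering described above can be checked with a small model. This is an added example, not code from the manual or from WinRoute: it assumes top-down, first-match traffic rules with a default drop, and the user names, rule names and outcome strings are constructed for illustration.

```python
# Simplified model (assumption): traffic rules are matched top-down, the first
# match wins, and anything unmatched is dropped. All names are constructed.
HTTP, SSH = "HTTP", "SSH"
ANY_USER = None  # rule applies whether or not the user is authenticated

# NAT rule restricted to specific users, with no HTTP rule in front of it.
NAT_ONLY = [
    {"name": "NAT", "service": None, "users": {"alice", "bob"}},
]
# Same NAT rule, preceded by a rule allowing HTTP for everyone (figure 23.9).
HTTP_THEN_NAT = [
    {"name": "HTTP for all", "service": HTTP, "users": ANY_USER},
    {"name": "NAT", "service": None, "users": {"alice", "bob"}},
]
# URL rule (figure 23.10): these users may open any Web site, others may not.
URL_ALLOWED_USERS = {"alice", "bob"}


def match_traffic_rule(rules, service, user):
    """Return the first traffic rule that permits this connection, else None."""
    for rule in rules:
        service_ok = rule["service"] in (None, service)
        user_ok = rule["users"] is ANY_USER or user in rule["users"]
        if service_ok and user_ok:
            return rule
    return None


def decide(rules, service, user):
    """Outcome for one outgoing connection; user is None if unauthenticated."""
    if match_traffic_rule(rules, service, user) is None:
        # Dropped by the traffic rules: no connection is being established,
        # so automatic authentication or redirection is never invoked.
        return "dropped"
    if service == HTTP:
        # HTTP that passes the traffic rules is then checked by the URL rules.
        if user is None:
            # Stands in for any automatic method (redirect, NTLM, host login).
            return "redirect to login page"
        return "allowed" if user in URL_ALLOWED_USERS else "denied by URL rule"
    return "allowed"
```

In this model, `decide(NAT_ONLY, HTTP, None)` is dropped before any authentication can be triggered, while `decide(HTTP_THEN_NAT, HTTP, None)` reaches the URL rules and is redirected.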