9-1
v1.0, January 2010
Chapter 9
Managing Users, Authentication, and Certificates
This chapter describes how to manage users, authentication, and security certificates for IPsec
VPN and SSL VPN. This chapter contains the following sections:
• “Configuring VPN Authentication Domains, Groups, and Users” on this page.
• “Managing Digital Certificates” on page 9-17.
Configuring VPN Authentication Domains, Groups, and
Users
Users are assigned to a group, and a group is assigned to a domain. Therefore, you should first
create any domains, then groups, then user accounts.
You must create name and password accounts for all users who must be able connect to the UTM.
This includes administrators and SSL VPN clients. Accounts for IPsec VPN clients are required
only if you have enabled Extended Authentication (XAUTH) in your IPsec VPN configuration.
Users connecting to the UTM must be authenticated before being allowed to access the UTM or
the VPN-protected network. The login window that is presented to the user requires three items: a
user name, a password, and a domain selection. The domain determines the authentication method
that is used and, for SSL connections, the portal layout that is presented.
Except in the case of IPsec VPN users, when you create a user account, you must specify a group.
When you create a group, you must specify a domain. Therefore, you should first create any
domains, then groups, then user accounts.
Note: IPsec VPN users always belong to the default domain (geardomain) and are not
assigned to groups.