Firewall allow access for user Radius

Denis
edited April 2021 in Security
I use a local user database, and I want to use authentication through the RADIUS service. In firewall policies, I can use a user from the local database. Can I use users from RADIUS in firewall rules?

I use a USG310, Windows NPS (RADIUS) + Active Directory users.

Example print screen, local users:

All Replies

  • Zyxel_Charlie
    @Denis
    If you want to create a firewall profile for a RADIUS user, go to User/group and fill in the group identifier with the attribute value configured in the RADIUS server.
    The value must be the same as the RADIUS server's setting.

  • Denis
    Zyxel_Charlie 
    Hi, thanks for the reply!
    I need to give a specific user personal access to a specific IP on a specific port.
    Example:
    From: 192.168.0.2
    To: 192.168.1.2
    User: User123
    Service: 3389

    As I understand it, I can’t manage the firewall policies so flexibly using the RADIUS service?

    When using RSA on the ZyWALL side and authentication by login and password, the user’s login and password remain virtually the only protection, so a brute-force attack is possible. Is there any way to protect against this?
  • Zyxel_Charlie
    @Denis
    The RADIUS user can be controlled by a security policy. The rule you mentioned can work; however, 192.168.0.2 and 192.168.1.2 need to be located in different LAN subnets.

    Also, you can limit which source IP can access the ZyWALL to protect against this.
