Chapter 9 - Configuring User Segmentation

Abstract

Configuring the appropriate user authentication method for one's environment is a critical part of securing the network. Networks with a relatively small number of users can authenticate users with the SonicWALL UTM appliance's local user database. Authenticating users and controlling their access to the network is a critical security measure. One has several choices of user authentication methods. For large networks, one can configure SonicOS to use an external LDAP or RADIUS server for user authentication. SSO is available with both local and LDAP authentication. SonicOS offers a number of features for segmenting users to provide customized access control for different classes of users; Dynamic Address Objects (DAOs), Application Firewall, and Virtual Access Points (VAPs) provide unique ways of managing the users. The VAP feature enables a single SonicWALL UTM appliance to provide multiple wireless access points. One can use MAC DAOs to apply consistent firewall access rules to devices whose IP addresses are assigned by DHCP, and use FQDN DAOs in access rules that manage bandwidth to and from certain websites. Application Firewall provides granular control of network usage at the level of users, user groups, and email users. One can configure VAPs to provide customized wireless access for different classes of users. This chapter discusses the configuration tasks for implementing each of these features to achieve user segmentation.