I've assigned alternate ports to the remote admin to allow the user login console to be accessed via port 80/443 and have successfully logged into the user console and noted that when in Status/Users I can see the authenticated users and can also successfully logout the authenticated users.
My goal: I want to require remote server administrators who would like to access their website servers remotely using either RDP port 3389 or VNC using 5800/5900 to first login as a remote user to allow my DFL-700 to accept their IP address. This will hopefully allow our network to block all unauthorized 3389,5800, and 5900 activity which is primarily scans from various worms on the internet.
I have successfully created users and assigned them to a group called remote. I can DROP or ALLOW all access to the ports I want to authenticate.
The PROBLEM:
As soon as I add "Any", or the username or the group name (remote) to the "Users/Groups" fields in the firewall policy page along with the ports that I either have setup to Allow or Drop it makes no differnce. Once the user/groups fields are populated the ports no longer block the activity to those ports.
HOW can I properly setup authentication requirements to access those ports that I mentioned?
Also, does the "Any" or username need to appear in the source, destination, or both given the configuration requirements that I noted in my post.
Author
Topic: User Authentication: DFL-700 (Read 2995 times)