User Management

In networking and firewalling, often policies and reporting are done with IP addresses. This is because devices are most easily identified by their IP address because every single IP packet contains an source IP address and a destination IP address.

However, often it is more convenient for administrators to set policy and review reporting data using "usernames."

For example, I wish to allow jerry to visit a specific website where other users are not allowed to visit. I want Jerry to be able to visit this website from any device, as long as Jerry is the one using the device.

Alternatively, I may wish to review all of sally's network activity. I may not care which device Sally is using at any given time or if she is using multiple devices. I want to see all of her activity.

There are indeed many cases, where it is more convenient to users (or groups) instead of IP address or MAC address to identify and handle network traffic appropriately. However, as stated earlier IP packets do not contain a username. The IP (Internet Protocol) header contains a source IP address and a destination IP address.

Given this, How is it possible to control traffic via username? In other words, if we see a packet from 192.168.1.100 going to 1.2.3.4 - how do we know which "user" is responsible for this packet?

The way Untangle handles this is very simple. It maintains a mapping from IP address to username. This mapping can be viewed by looking at Hosts. At any given time, Untangle knows the jerry is logged into 192.168.1.100 so anytime Untangle sees traffic from 192.168.1.100 it knows to associate this traffic with username jerry.