User Management

From Edge Threat Management Wiki - Arista
Revision as of 20:55, 31 May 2017 by Dmorris (talk | contribs)

In networking and firewalling, policies and reporting are often based on IP addresses. This is because devices are most easily identified by their IP address: every single IP packet contains a source IP address and a destination IP address.

However, often it is more convenient for administrators to set policy and review reporting data using "usernames."

For example, I wish to allow jerry to visit a specific website that other users are not allowed to visit. I want Jerry to be able to visit this website from any device, as long as Jerry is the one using the device.

Alternatively, I may wish to review all of sally's network activity. I may not care which device Sally is using at any given time or if she is using multiple devices. I want to see all of her activity.

There are indeed many cases where it is more convenient to use users (or groups) instead of IP addresses or MAC addresses to identify and handle network traffic appropriately. However, as stated earlier, IP packets do not contain a username. The IP (Internet Protocol) header contains a source IP address and a destination IP address.

Given this, how is it possible to control traffic via username? In other words, if we see a packet from 192.168.1.100 going to 1.2.3.4, how do we know which "user" is responsible for this packet?

The way Untangle handles this is very simple; it maintains a mapping from IP address to username. This mapping can be viewed by looking at Hosts. At any given time, Untangle knows that jerry is logged into 192.168.1.100, so any time Untangle sees traffic from 192.168.1.100 it knows to associate this traffic with username jerry.

Hosts Mapping

To view the current username associated with any host, view the Hosts table. Each host has several username-related attributes:

  • Username is the username associated with this host.
  • Username Source is the source of that username, which can be one of many described below.
  • Username (Directory Connector) is the username according to Directory Connector.
  • Username (Captive Portal) is the username according to Captive Portal.
  • Username (Device) is the username of this host's MAC address according to Devices.
  • Username (OpenVPN) is the username according to OpenVPN.
  • Username (IPsec VPN) is the username according to IPsec VPN.
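
The IP-to-username mapping described above, sketched as an added example (not Untangle's code). It goes one step beyond the page by keeping login/logout history, so each flow is attributed to the user mapped to the source IP at the time of the flow; HostTable, its methods, the integer timestamps and the sample events are hypothetical and constructed for illustration.

```python
from bisect import bisect_right
from collections import defaultdict

class HostTable:
    """Time-aware IP -> (username, source) map. Hypothetical model, not Untangle code."""

    def __init__(self):
        self._events = defaultdict(list)  # ip -> [(ts, username, source)] sorted by ts

    def _record(self, ts, ip, username, source):
        self._events[ip].append((ts, username, source))
        self._events[ip].sort(key=lambda e: e[0])

    def login(self, ts, ip, username, source):
        self._record(ts, ip, username, source)

    def logout(self, ts, ip):
        self._record(ts, ip, None, None)  # clears the mapping from ts onward

    def lookup(self, ip, ts):
        """Return (username, source) in effect for ip at time ts, or (None, None)."""
        events = self._events.get(ip, [])
        i = bisect_right([e[0] for e in events], ts)
        return events[i - 1][1:] if i else (None, None)

def activity_by_user(table, flows):
    """Group (ts, src_ip, dst_ip) flows by the user mapped to src_ip at ts."""
    report = defaultdict(list)
    for ts, src_ip, dst_ip in flows:
        user, source = table.lookup(src_ip, ts)
        report[user].append((ts, src_ip, dst_ip, source))
    return dict(report)

# Constructed sample data: timestamps are seconds; names follow the page's examples.
TABLE = HostTable()
TABLE.login(100, "192.168.1.100", "jerry", "Captive Portal")
TABLE.login(150, "192.168.1.101", "sally", "OpenVPN")
TABLE.logout(200, "192.168.1.100")
TABLE.login(300, "192.168.1.100", "sally", "Directory Connector")

FLOWS = [(50, "192.168.1.100", "1.2.3.4"), (120, "192.168.1.100", "1.2.3.4"),
         (160, "192.168.1.101", "1.2.3.4"), (250, "192.168.1.100", "1.2.3.4"),
         (320, "192.168.1.100", "1.2.3.4")]
REPORT = activity_by_user(TABLE, FLOWS)  # key None holds unattributed flows

if __name__ == "__main__":
    for user, rows in REPORT.items():
        print(user or "(unattributed)", rows)
```

Flows seen before any login or after a logout land under the None key rather than being charged to the previous user of that address, which is the case to check when a report is built from a shared or reassigned IP.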