9.4. Identity Awareness

You can find the Identity Awareness Settings at Authentication → Identity Awareness.

Identity Awareness allows you to associate Firewall Rules (Forward and Input) with Users and Groups. It allows for User associaten in Firewall Rules and management of user aware rules. In contrast to Network Objects the User IP Address can be updated dynamically.

Identity Awareness Firewall Rule

A User or Group have to be created in VT AIR in order to use the User in a Firewall Rule. For larger environments an LDAP or Active Directory with User and Group Sync can be used Authentication Server.

9.4.1. Settings

Enabled enables users and groups to be usable in Firewall Rules

Captive Portal Enabled will create a Captive Portal that you can configure and enable for users to login an associate their current IP Address with their user in VT AIR. It allows for dynamic IP association of a User with their current Dynamic IP.

PC Client Filter IPs will allow only IPs that are set in a network range from a firewall interface.

PC Client Connect Password is the password to initially connect the PC Client to the firewall.

Below is a list of all registered PC Clients. Each client has to be manually allowed in the actions column, so he can connect to the VT AIR.

Identity Awareness

9.4.2. User Settings

Each User has a Identity Awareness subpage in the Authentication → Users page.

User Identity Awareness List

It allows for static DHCP or static IP Address association with the User.

User Identity Awareness DHCP

This is in addition to any Captive Portal dynamic IP the user might be registering.

User Identity Awareness IP