9.4. Identity Awareness¶
You can find the Identity Awareness Settings at Authentication → Identity Awareness.
Identity Awareness allows you to associate Firewall Rules (Forward and Input) with Users and Groups. It allows for User associaten in Firewall Rules and management of user aware rules. In contrast to Network Objects the User IP Address can be updated dynamically.
A User or Group have to be created in VT AIR in order to use the User in a Firewall Rule. For larger environments an LDAP or Active Directory with User and Group Sync can be used Authentication Server.
Enabled enables users and groups to be usable in Firewall Rules
Captive Portal Enabled will create a Captive Portal that you can configure and enable for users to login an associate their current IP Address with their user in VT AIR. It allows for dynamic IP association of a User with their current Dynamic IP.
PC Client Filter IPs will allow only IPs that are set in a network range from a firewall interface.
PC Client Connect Password is the password to initially connect the PC Client to the firewall.
Below is a list of all registered PC Clients. Each client has to be manually allowed in the actions column, so he can connect to the VT AIR.
9.4.2. User Settings¶
Each User has a Identity Awareness subpage in the Authentication → Users page.
It allows for static DHCP or static IP Address association with the User.
This is in addition to any Captive Portal dynamic IP the user might be registering.