Dynamically Manage Access Authority Via Radius Dynamic Authorization
This example shows how to dynamically manage access authority via RADIUS dynamic authorization.
As shown in the topology, an enterprise can configure RADIUS server authentication and enable an authorization policy to dynamically manage the access authority of visitors. When the visitor logs in to the SSLVPN, the RADIUS server issues an authorization policy to the firewall that allows the visitor to access the network segment 10.160.64.0/21. After the visitor has logged in successfully, the administrator can use CoA messages to modify the issued authorization policy, adding a new network segment, 10.160.32.0/21, that the visitor is allowed to access. When the visitor logs out, the firewall automatically deletes the corresponding authorization policy.
Step 1: Configure the Interface to Link Radius Server.
Select Network>Interface, and double-click ethernet0/0.
Step 2: Create New Aggregate Policy.
Select Policy>Security Policy>Policy, and click New>Aggregate Policy.
Step 4: Enable Radius Dynamic Authorization.
Click Object>Radius Dynamic Authorization, and click the Enable button of Radius Dynamic Authorization.
Step 6: Results.
1. User1 can access 10.160.64.52.
2. The corresponding policy is created on the firewall.
Step 8: User1 logs out of SSLVPN.
User1 logs out of SSLVPN, and the corresponding policies are deleted from the firewall.
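How the receiving side can authenticate a CoA message such as the one the administrator sends in the scenario above, as an added example that is not from the original page or the vendor: it builds and verifies a CoA-Request using the RFC 5176 Request Authenticator. The shared secret and packet identifier are constructed values, and the vendor-specific attribute that carries the network segment is not shown on the page, so only User-Name is included.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43   # RFC 5176 packet code for CoA-Request
USER_NAME = 1      # RFC 2865 attribute type

def _authenticator(code, ident, length, attrs, secret):
    # RFC 5176: MD5 over header, 16 zero octets, attributes, shared secret
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_coa_request(ident, attrs, secret):
    """Encode (type, value) pairs into a signed CoA-Request packet."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    length = 20 + len(body)
    auth = _authenticator(COA_REQUEST, ident, length, body, secret)
    return struct.pack("!BBH", COA_REQUEST, ident, length) + auth + body

def verify_coa_request(packet, secret):
    """Return the (type, value) attributes, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed CoA-Request")
    attrs = packet[20:length]
    expected = _authenticator(code, ident, length, attrs, secret)
    # Constant-time comparison of the received and recomputed authenticator
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Request Authenticator mismatch")
    parsed, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        parsed.append((attrs[i], attrs[i + 2:i + attrs[i + 1]]))
        i += attrs[i + 1]
    return parsed

# Constructed sample values: shared secret, identifier, and the user named on the page.
SECRET = b"constructed-shared-secret"
SAMPLE = build_coa_request(7, [(USER_NAME, b"User1")], SECRET)

if __name__ == "__main__":
    print(verify_coa_request(SAMPLE, SECRET))
```

A packet whose attributes were altered in transit, or that was signed with a different shared secret, fails the authenticator check before any attribute is acted on.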