Adconf

From Wiki of WFilter NG Firewall
Line 14: Line 14:
 
== Settings  ==
 
== Settings  ==
  
To enable "AD Integration", the following conditions must be met:
+
* Domain Controller: Domain Controller ip address.
* A valid enterprise license of WFilter NG Firewall.
+
* Port: port of your DC, 389 in default.
* A valid active directory.
+
* Domain Admin: domain admin user(The admin user shall belong to the "Domain Admins" group.)
* Admin access to the active directory(The admin user shall belong to the "Domain Admins" group.)
+
* Domain Name: domain dns name.
[[File:Faq_en_adconf001.png|650px]]
+
* DC Location: where is your DC located?
 +
* Script Key: communication key for the adclient logon/logoff script.
 +
* Advanced Settings:
 +
** Interval of polling domain controller, 10 seconds in default.
 +
** User entry timeout, user will expire upon timeout.
 +
** Sync domain users, automatically retrieve users from domain controller.
 +
 
 +
[[File:Faq_en_adconf001.png|900px]]
  
 
[[File:Faq_en_adconf002.png|650px]]
 
[[File:Faq_en_adconf002.png|650px]]
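
Review bot: the lines removed under "== Settings ==" were the only place the page stated the prerequisites (a valid enterprise license, a valid active directory, admin access to it), and the added field list carries forward only the "Domain Admins" membership; consider keeping the license and directory requirements as a short list above the fields. The added "Script Key" line also says nothing about how to choose or protect the key, which deserves a sentence since it is described as the communication key for the adclient logon/logoff script.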

Revision as of 19:29, 31 December 2017

1 AD Integration

"AD Integration" enables you to integrate WFilter NG Firewall with Microsoft Active Directory, so you can:

  • Detect the AD username of online devices.
  • Set internet access and bandwidth shaper policies based on AD users.
  • Record AD users' internet activity.

For example:

  • The real-time bandwidth will show the AD username:

Ros adconf 001.png

  • Choose applied-to users (AD OU & users):

Faq en adconf003.png

2 Settings

  • Domain Controller: IP address of the domain controller.
  • Port: port of your DC, 389 by default.
  • Domain Admin: domain admin user (the admin user shall belong to the "Domain Admins" group).
  • Domain Name: DNS name of the domain.
  • DC Location: where your DC is located.
  • Script Key: communication key for the adclient logon/logoff script.
  • Advanced Settings:
    • Interval of polling the domain controller, 10 seconds by default.
    • User entry timeout: the user entry expires upon timeout.
    • Sync domain users: automatically retrieve users from the domain controller.

Faq en adconf001.png

Faq en adconf002.png

  • Notice:
    • WFilter NG Firewall uses different mechanisms to retrieve logged-on domain users depending on whether the DC is in the external or internal network.
    • When "automatically sync domain users" is enabled, new or deleted domain users will be synced to WFilter.
    • WFilter detects a domain user when the user logs in to the active directory, so you might need to wait some time to see logged-on users.
    • The default user entry timeout is 30 hours. If no re-logon happens within 30 hours of the last logon, the username will time out.
    • Some programs on the client device will automatically log on to the domain with a different AD user. In this case, you can add this user to the "Exception List".
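
The timeout and Exception List behaviour described in the notice, as an added illustration that is not WFilter's own code: a hypothetical IP-to-user table showing how a background logon replaces the interactive user on a device unless that account is excepted. The class, account names and addresses are constructed, and the one-entry-per-IP model is an assumption.

```python
from dataclasses import dataclass, field

USER_ENTRY_TIMEOUT = 30 * 3600  # seconds; the page's default of 30 hours


@dataclass
class LogonTable:
    """Hypothetical IP -> AD user table (assumed model, not WFilter's implementation)."""
    timeout: int = USER_ENTRY_TIMEOUT
    exceptions: set = field(default_factory=set)  # the "Exception List"
    entries: dict = field(default_factory=dict)   # ip -> (user, last_logon)

    def on_logon(self, ip, user, now):
        """Record a logon seen for `ip`; return True if the mapping was updated."""
        if user.lower() in self.exceptions:
            return False  # background logon: keep the existing mapping
        self.entries[ip] = (user, now)
        return True

    def lookup(self, ip, now):
        """Return the AD user that policy applies to, or None if unknown or expired."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        user, last_logon = entry
        if now - last_logon > self.timeout:
            del self.entries[ip]  # no re-logon within the timeout: entry expires
            return None
        return user


# Constructed sample events: (seconds since start, client IP, AD user)
EVENTS = [
    (0, "10.0.0.15", "alice"),
    (600, "10.0.0.15", "svc_backup"),  # a program on the client logs on by itself
    (900, "10.0.0.22", "bob"),
]


def replay(exceptions):
    """Feed EVENTS into a fresh table using the given Exception List."""
    table = LogonTable(exceptions={u.lower() for u in exceptions})
    for ts, ip, user in EVENTS:
        table.on_logon(ip, user, ts)
    return table


if __name__ == "__main__":
    for exc in ([], ["svc_backup"]):
        print(exc, "->", replay(exc).lookup("10.0.0.15", 1000))
```

Without the exception, policies and activity records for 10.0.0.15 would be attributed to the service account instead of the person at the keyboard.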

3 FAQ
