Create Named User Groups

After defining the Default User Group, look at your LAN and decide what groups of IP addresses will need similar permissions in your domain and in any of your extranets. This means deciding what remote computers and applications each local computer will need to access or be accessed by, and what protocols must be allowed or denied over their secure connections. Divide your LAN's IP addresses and subnets into groups based on these criteria.

On the User Groups tab, you must configure these groups into named User Groups. You can define as many named User Groups as you need. Named User Groups in a Location can overlap with each other. However, you cannot create two named User Groups that contain the exact same set of IP addresses.

To configure a named User Group, click the Add button. The Add User Group screen will be displayed.

Complete the screen as follows:

  • User Group Name: Enter a name for this User Group.

  • Firewall Policy: Optionally, choose a Firewall Policy that will apply to all traffic to and from this User Group.

  • Inbound QoS: Optionally, choose QoS settings for traffic inbound to this User Group. To specify the priority of traffic inbound through the Corente Services Gateway to this User Group, choose a QoS entry from the Inbound QoS pulldown menu.

  • Outbound QoS: Optionally, choose QoS settings for traffic outbound from this User Group. To specify the priority of traffic outbound through the Corente Services Gateway from this User Group, choose a QoS entry from the Outbound QoS pulldown menu.

    Note

    As with any QoS configuration, administrators must be careful when assigning QoS levels: if there is too much high-priority traffic, any traffic with a lower priority may become too slow or even be dropped. In addition, you cannot use QoS to prioritize traffic to or from a Corente Client.

  • User Group is Within Secure Network: Select this option if you would like this User Group to participate in the secure network. This option is selected by default. There are occasionally reasons to create User Groups that are not within the secure application network. Remember that named User Groups within the application network must be subsets of the Default User Group (in other words, they can only include addresses that are also included in the Default User Group).

  • Special Internal Network Description Group: This option will not be chosen by default and cannot be changed.

  • User Group Subnet/Address Ranges: This section enables you to define the subnets/ranges that you would like to include in this User Group. The table lists all the ranges that you have already added. You may Edit or Delete any range listed in the table. To add a new subnet/range, select the Add button.

    Note

    When capturing the IP addresses to be included in a User Group, the Include Subnet and Exclude Range options cause the definition of the User Group to differ, as follows:

    • When all groups of IP addresses in the User Group are specified as Included, the User Group will contain only those IP addresses listed.

    • When all groups of IP addresses in the User Group are specified as Excluded, the User Group will contain all IP addresses within the Default User Group except for the excluded IP addresses.

    • When some groups of IP addresses are specified as Included and some as Excluded, the User Group will contain only those IP addresses listed as Included, except for the excluded IP addresses.

  • Include Subnet: Select this option to specify a range that will be included in the group. Fill out the available fields as follows:

    • Network Address: Enter the first address of the subnet in this field.

    • Subnet Mask: Enter the netmask of the subnet in this field, which will define the range of addresses within this subnet.

      Note

      If you include a range of IP addresses that is not contained within the same subnet as the LAN IP Address of the Corente Services Gateway or is not distributed by the Corente Services Gateway’s DHCP server, you must provide routing information to this subnet on the Routes tab or enable RIPv2 or OSPF on the Network tab of this form.

  • Exclude Range: Select this option to specify a range that will be excluded from the group. Fill out the available fields as follows:

    • Start Address: Enter the first address of the range that you would like to be excluded from an existing included range.

    • End Address: Enter the last address of the range that you would like to be excluded from an existing included range. If the range includes only one address, you do not need to fill in this field.

    Click OK to add this definition to your User Group or Cancel to close the window and discard your changes. Repeat this process for as many subnets as you would like to add to your User Group.

When you are finished defining your User Group, click the OK button to save your changes and return to the main User Groups tab. The named User Group will now be displayed in the table.
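
The Include Subnet / Exclude Range rules in the Note above, and the requirement that a User Group within the secure network be a subset of the Default User Group, can be checked offline before entering ranges in the form. The following Python sketch is an added example, not Corente code: the function names are hypothetical, the sample addresses are constructed, and it assumes an included subnet spans from its network address through its broadcast address.

```python
import ipaddress

def subnet_span(network, mask):
    """(first, last) integers for an Include Subnet entry; rejects host bits."""
    net = ipaddress.ip_network(f"{network}/{mask}", strict=True)
    return int(net.network_address), int(net.broadcast_address)

def range_span(start, end=None):
    """(first, last) integers for an Exclude Range; End Address is optional."""
    first = int(ipaddress.ip_address(start))
    last = int(ipaddress.ip_address(end)) if end else first
    if last < first:
        raise ValueError("End Address precedes Start Address")
    return first, last

def subtract(spans, holes):
    """Remove each hole interval from each span interval."""
    for h_lo, h_hi in holes:
        kept = []
        for lo, hi in spans:
            if h_hi < lo or h_lo > hi:      # no overlap, keep as is
                kept.append((lo, hi))
                continue
            if lo < h_lo:                   # part below the hole survives
                kept.append((lo, h_lo - 1))
            if h_hi < hi:                   # part above the hole survives
                kept.append((h_hi + 1, hi))
        spans = kept
    return sorted(spans)

def effective_members(default_group, includes=(), excludes=()):
    """Apply the three Include/Exclude cases from the Note."""
    # Only Excludes: start from the Default User Group; otherwise from the Includes.
    base = [subnet_span(*s) for s in (includes or default_group)]
    return subtract(base, [range_span(*r) for r in excludes])

def outside_default(members, default_group):
    """Addresses that break the 'subset of the Default User Group' rule."""
    return subtract(members, [subnet_span(*s) for s in default_group])

def fmt(spans):
    """Render integer spans as dotted-quad (first, last) pairs."""
    ip = ipaddress.ip_address
    return [(str(ip(lo)), str(ip(hi))) for lo, hi in spans]

# Constructed sample data (not from the product documentation).
DEFAULT = [("10.1.0.0", "255.255.0.0")]
MIXED = effective_members(DEFAULT, includes=[("10.1.2.0", "255.255.255.0")],
                          excludes=[("10.1.2.10", "10.1.2.20"), ("10.1.2.50",)])

if __name__ == "__main__":
    print(fmt(MIXED))
```

A non-empty result from outside_default means the planned group contains addresses that are not in the Default User Group, so it cannot be placed within the secure network as defined.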