User authentication is a means of identifying the user and verifying that the user is allowed to access some restricted services. For example, a user can be identified as an SSL VPN user in order to access your network resources over SSL VPN tunnels.
The security appliance authenticates all users when they attempt to access your network resources in different zones. Users on the VLANs perform only local tasks and are not required to be authenticated by the security appliance.
The security appliance supports a local database that is stored on the security appliance itself and a variety of AAA server types, such as RADIUS, Lightweight Directory Access Protocol (LDAP), and Active Directory (AD). You can use the local database, an AAA server, or both to perform user authentication. The local database supports up to 100 users, so you need to use an AAA server for authentication if more than 100 users access the network.
Note: The user group service policy can only be configured locally. All user groups on an AAA server need to be duplicated locally.
Refer to the following topics:
• Using Local Database for User Authentication
• Using RADIUS Server for User Authentication
• Using Local Database and RADIUS Server for User Authentication