IP based authentication
NxFilter supports IP based user authentication.
How to associate
The IP based authentication is the simplest user authentication method supported by NxFilter.
Since it is still an authentication method, you have to enable user authentication on 'System > Setup' first.
And then you can associate multiple IPs or IP ranges to a user on 'User > User > EDIT'.
If it's NxCloud, you also can associate dynamic domains to a user.
Overlapped association
You could have overlapped IP range associations or you could have a single IP association which is included to an IP range
already associated to another user. We have 'Most specific IP range comes first' rule for ordering IP range users.
Single IP association comes before IP range association and the smaller IP range will be applied before the other IP ranges.
For example in the following IP assignment table,
- User A is associated to 192.168.0.101
- User B is associated to 192.168.0.100 ~ 192.168.0.150
- User C is associated to 192.168.0.1 ~ 192.168.0.255
If you are on 192.168.0.101, you will appear as User A on NxFilter log view. If you are on 192.168.0.102, you will appear as User B on NxFilter log view.
You can find out who you are by accessing http://your-nxfilter-ip/welcome. NxFilter supports several ways of authentication. You can choose one of them or mix and match some of them to complement each other.
Default user for your network
When you enable user authentication by NxFilter. One problem is that the unauthenticated PCs can't access the internet.
In today's computing environment, every PCs need to access the internet to some extent.
You can create whitlist with 'Bypass Authentication' flag but there may be too many domains to bypass.
In that case, it would be better to create a user and associate an IP range covering your local network to the user.
We can call it 'Default User' and you can assign a policy with minimal permission to the user.
If a user requires more permissions, they can log in as another user via the NxFilter login page.