By default, the check box is selected to Unlimited and no restriction is placed on data download for the duration of the policy. Clear the check box to specify the maximum data download allowed by the policy. The user cannot download data once the download network traffic limit is reached.
| System | 482
Figure 444: Individual Network Traffic - Non-Cyclic Policy
4. Click Save.
Note: Cycle Network Traffic limit cannot be greater than Maximum Network Traffic limit.
Network Address Translation
Network Address Translation (NAT) enables multiple hosts within your network to access Internet through a single public IP address. In doing so, NAT not only conserves the pool of public IP addresses, it also conceals the addressing scheme of your network.
When a client within the network sends a request to the Internet, the router forwards the request to the device. NAT translates the sender’s address to the device’s public IP address before forwarding the request to the Internet. When a response is received from an external source, NAT translates the public IP address into the client’s private IP address before forwarding the packet to the client.
The device is shipped with a predefined NAT policy named MASQ which cannot be updated or deleted. The MASQ policy automatically masquerades traffic using the IP address that is bound to the device’s WAN port.
For it to take effect, the NAT policy must be applied to a Firewall Rule (Protect > Firewall). For further details, go to
User / Network Rule
.
Device Access
The device allows you to create role-based administrator privileges which offer granular access control. It allows you to assign some of the super administrator's capabilities to others through Device Access Profiles. You can create profiles for special-purpose administrators based on their work role. Example: Policy administration, network administration, administration of logs.
The Profiles allow three categories of access control:
• None
• Read-Only
• Read-Write
The device is shipped with the following default profiles:
• Administrator: Super administrator with full privileges. Administrator can create custom administrators and assign restricted or full privileges to them. Custom administrators with restricted privileges can update only their email address and password.
• Audit Admin: Read-write privileges only to Logs & Reports.
• Crypto Admin: Read-write privileges only for configuration of security certificate.
• HAProfile: Read-only privileges. If High Availability (HA) is configured, administrators accessing the Admin
Console of the auxiliary device have the privileges that are defined in the HA Profile.
• Security Admin: Read-write privileges to all features, not including Profiles and Logs & Reports.
Note:
• You cannot modify or delete the default profiles.
• You cannot delete a profile that is currently assigned to an administrator.
Add Profile
The device allows you to create multiple administrator profiles with differing levels of access control.
1. Go to System > Profiles > Device Access and click Add.
2. Enter the profile details.
Profile Name
Enter a unique name to identify the profile.
Configuration
Click to select the level of access to be given to a profile. You can select from the following levels of access:
Available Options:
None: No access to any page Read-Only: View the pages Read-Write: Modify the details
To set a common access level for all the menus, select the options at the top (None, Read-Only or
Read-Write). To set different access levels, select the option against the menu.
Click on the left side of a menu to view the sub-menu. To set differing access levels for submenus, select the option against the sub-menu.
Example: If you set the access level to Read-Only against Licensing, the profile user can view the
Licensing page but cannot make any modifications. To allow modifications, set the access level to
Read-Write.
Note:
Access Denied page
When an administrator tries to access a page or perform an operation that is not allowed by the assigned profile, the Access Denied page is displayed.
| System | 483