{{ secondMenu.name }}
Step 1.Use a cross-connected cable to connect computers to the ETH0 (LAN) port of the IAG. Assign the 10.251.251. X/24 IP addresses to the computers. Log in to the IAG console at https://10.251.251.251.
Step 2.Set the bridge mode. Assign the 10.10.10.3/29 IP address as the bridge IP address of the IAG.
The IP address belongs to the network segment for direct connection between the firewall and the L3 switch. Choose System > Network > Deployment, click Settings, and select the Bridge mode.
Click Next and select the bridge port numbers. In this example, ETH0 and ETH2 are used as a pair of bridge port numbers. ETH0 is used for the LAN, and ETH2 is used for the WAN.
Click Next and set the bridge IP address of the IAG.
Click Next and set the IP address of the DMZ management port. You can retain the default settings.
Click Next and set the gateway and DNS for accessing the Internet.
Click Next and click OK.[A372]
Step 3.Add a common employee group and a director group for local users at Access Mgt > User Management > Local User > Add Group/User.
You can add multiple groups and separate the group names with a comma. Then, click OK.[A373]
Step 4.In this example, the L3 switch forwards data between the IAG and intranet users. Therefore, select Enable MAC acquisition across L3 network so that users' IP Addresses and MAC addresses can be bound correctly on the IAG. Path: Access Mgt > Authentication > Correlation Connection > MAC Address Acquisition.
Tick Enable MAC acquisition across L3 network. Select Add and add a server and enter the MAC address of the L3 switch to the exclusion list.
Click OK.[A374]
Step 5.Add an authentication policy for the common employee group and another for the director group at Access Mgt > Authentication > Web Authentication > Authentication Policy.
Click Add and set an authentication policy for the common user group. See the following figure.
Click OK.[A375]
Click Add and set an authentication policy for the director group. See the following figure.[LCH376]
Step 6.Set the Internet access permissions for the common user group at Online Activities > Access Control.
Click Add and select the Internet access policy. Choose Access Control, set access control over P2P and online streaming media applications for office hours, and block access to illegal and unhealthy websites.
Click Object, choose Local Users, and select Common User Group.
Click OK.[A377] Set the Audit policy for the common user group. Add the policy, select Audit policy, and add audit objects.
Click OK.
Click Object, choose Local Users, and select Normal User Group.
Click OK.[A378]
Set the admission policy for the common user group. Add the policy, select Ingress Policy, and enable IM message monitoring.
Click Object, choose Local Users, and select Normal User Group.
Click OK.[A379]
Step 7.Set the Internet access audit policy for the director group. Select Audit Policy and add audit objects.
Click Object, choose Local Users, and select Director Group.
Click OK.[A380]
Step 8.Set the Bandwidth Management policy. Set the line bandwidth at Bandwidth Management > Line bandwidth.
Click Line 1 and set the upstream and downstream bandwidth.
Click OK.[A381]
Set the Bandwidth Management channel at Bandwidth Management > Bandwidth Channel. Tick Enable Bandwidth Management System.
Click Add, select Add Parent Channel, and set the assurance channel for website access.
Click OK.
Click Add, select Add Parent Channel, and set the limitation channel for P2P applications, download applications, and streaming media applications.
Click OK.
Step 9.Install the IAG. Connect the ETH0 (LAN) port of the IAG to the L3 switch and the ETH2 (WAN) port to the intranet port of the firewall.
{{ $t('index.defaultHeader.chromeBrowserTip') }}