Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
8.0.107
Athena NGFW (Next-Generation Firewall) {{ breadTitle }} User Manual Policies Authentication User Management Security Groups
{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","Security Groups")}}

Security Groups

{{ $t('productDocDetail.updateTime') }}: 2026-02-05

You can add users to different security groups based on their business departments, job responsibilities, or other dimensions. This enables permission management and control based on security groups, and prevents permission sprawl. In addition, Athena NGFW supports the synchronization of user information from AD domains. This ensures that the user data in Athena NGFW aligns with that in the organization's user identity system, and reduces risks associated with unauthorized access.

Athena NGFW allows you to create security groups by synchronizing users from the local Athena NGFW device or from a remote server such as an AD domain server. This not only ensures centralized user identity management, but also facilitates the management of special local users. In addition, security groups are decoupled from business policies. This way, when organizational structural changes such as department mergers and personnel adjustments occur, you only need to update the users in the security groups. Then, all associated security policies will be automatically synchronized with the security groups.

You can create a security group and associate the security group with specific members such as users and user groups. This way, when the attributes of an online user match the membership conditions of the security group, for example, the affiliated user group of the online user belongs to this security group, the online user is automatically added to the security group.

Parameters:

Name: Specify a name for the security group. The name herein is case-sensitive. You can filter security groups by security group name, where the security group name used for filtering is case-insensitive.

Description: Enter a description for the security group.

Add from the local device: If this check box is selected, you can select local users or local user groups as the members of this security group. If you select a user group, all subgroups and users that belong to this user group will be automatically added to this security group.

Add from the remote servers: If this check box is selected, you can select remote security groups from multiple AD domain servers as the members of this security group. When a user goes online, the system first queries the affiliated security group of the user on the AD domain server, and then checks whether that affiliated security group matches the membership conditions of this security group on the Athena NGFW device. If it matches, the online user is automatically added to this security group.

Add manually: If this check box is selected, you can manually enter usernames to add the corresponding users to this security group. This is applicable to online users who do not exist on the local Athena NGFW device. If a manually entered username overlaps with the name of a local user, the manually entered username will be removed, and the corresponding local user will be automatically added to this security group.