Identity based security requires Active Directory, NT domain, RADIUS or LDAP servers or the appliance's own database. You can also identify systems by their IP addresses, create IP address pools and link specific systems to users so they are only allowed to log in from an assigned address or a pool.
Three types of user are supported where a normal user must logon to the appliance, requiring a small client utility to be installed locally. Clientless users don't need the utility and don't have to log on to the appliance but for these you can't apply surfing and data transfer quotas or internet access time restrictions. The SSO user type is merely a normal user that is automatically logged in to the appliance when they have authenticated with an external directory server.
User and group controls are very extensive as each one can have their own web filtering, internet access and bandwidth usage policies. Data transfer limitations on uploads and downloads can also be applied and there are even options for daily, weekly, monthly or yearly limits.
Firewall rules offer advanced options where you can select additional policies for IPS, web filtering and bandwidth restrictions. For each rule you can also activate virus scanning on HTTP, POP3, IMAP, SMTP and FTP traffic.
You can apply a global anti-spam policy and underneath this add custom policies for separate users and groups. For each policy there are a set of advanced options where you limit attachment sizes and decide what to do based on each message's spam score. Dependent on the score, you can quarantine, drop or reject SMTP messages or tag the subject line whilst for POP3 you can accept a suspect message or tag it.
