Importing SSL VPN users to the USG6000 from the server

The procedure for importing users and user groups from the server is as follows:

You can import user, user group, and security group information on the server to the NGFW to reduce the manual operation workload.
Prerequisites
Before importing users, user groups, and security groups from the server, finish the following task:
Configure the AD, Lightweight Directory Access Protocol (LDAP), or TSM server.
Procedure:
1. Create an AD, LDAP, or TSM server import policy in the system view and access the server import policy view.
user-manage import-policy policy-name from { ad | ldap | tsm }
2. Configure a server template.
server template template-name
The server template defines the parameters used by the NGFW to communicate with the AD, LDAP, or TSM server. The server template must exist and match the authentication server type specified in the server import policy.
3. Configure the start position for importing user, user group, and security group information from the authentication server.
server basedn basedn
The start position is composed of the server domain name and user group name. The format is: ou=level-N user group,…�?ou=level-2 user group,ou=level-1 user group,dc=level-N domain name,…�?dc=level-2 domain name,dc=level-1 domain name.
4. (Optional) Configure the import type.
import-type { all | group | security-group | user | user-group | user-security-group }
The import type can be:
all: all information
group: user group information
security-group: security group information
user: user information
user-group: user and user group information
user-security-group: user and security group information
5. (Optional) Configure the user group on the NGFW to which user and user group information is to be imported.
destination-group group-name
6. Configure the security group on the NGFW to which user information is to be imported.
destination-security-group security-group-name
7. (Optional) Configure the import interval.
time-interval time-interval

8. (Optional) Allow users, user groups, and security groups on the authentication server to override those with the same name on the NGFW.
import-override enable
9. (Optional) Configure filtering parameters.
The filtering parameters take effect only to the AD and LDAP servers.
Follow-up processing
After creating a server import policy, run execute user-manage import-policy policy-name to import user, user group, and security group information on the server to the NGFW.

Scroll to top