VLAN Policy Examples
Firebox Vclass User Guide 225

fied by the RADIUS system, the Firebox appliance associates the user (IP address) to the relevant domain. Any traffic from the user will then be covered by policies that incorporate that domain.

An example of a user-domain policy in use

As noted previously, the key element in user-domain tenant policies is user authentication, which is how traffic pertaining to a specific tenant is identified. For example:

• The Vcontroller administrator creates a user-domain tenant record for “Engineering” domain users that uses a RADIUS server for user authentication.
• Policies are created to manage traffic for an external network, originating from “Engineering.”
• When one of the tenant users wants to make an external connection, he or she opens a Web browser and logs into the Firebox appliance. The user’s IP address is also noted by the appliance.
• After the user provides a user name, password, and domain name (specified in the Tenant entry as referenced by the policy), his or her name and password are validated by the RADIUS system.
• The user is granted access to the external network.
• The appliance now classifies packets from the user’s computer as traffic from the “Engineering” domain tenant.
• Finally, after a set idle time expires, the connection is broken, and that user will have to log in and re-authenticate before being granted access to the external network again.

One of the advantages of creating and applying user-domain tenants to policies is that there is no strict relationship between a tenant and the originating computer’s IP address. The computer used by a tenant user is noted dynamically by the appliance during the authentication process; the user name, password, and domain are the key,