User objects restrict access rules to specific users and user groups. Creating a user object requires a name and an optional description as an identifier. A user object in its simplest form holds the login name of a user. Alternatively, you can also assign a group name. When assigning a name for a user or a group, wildcards like ? or * are allowed. In its more complex form, a user object can be nested, which means you can choose from a list of predefined user objects and combine them with a new set of users and/or groups. The list also provides you with predefined user objects that are included in the firewall.
You can also include the group of all authenticated users or VPN groups in the object configuration. User objects are populated by querying the external authentication servers or the local authentication service on the firewall.
Predefined User Objects
- All Authenticated Users – This predefined group includes all authenticated users.
- All VPN Users – This predefined group includes all VPN users.
Create User Object
For more information on how to create user objects, see How to Create and Apply Custom User Objects.