Fortinet v3.0 MR7 Create New, Domain, Groups, Fsae Collector IP, Add User/Group, Edit Users/Group

Page 28

Directory Service servers

Authentication servers

To view the list of Directory Service servers, go to User > Directory Service.

Figure 8: Example Directory Service server list
[Figure: screenshot of the Directory Service server list. Callouts: Server, Domain and groups, Expand Arrow (Directory Service server), Delete, Edit, Add User/Group, Edit User/Group.]

Create New
    Add a new Directory Service server.

Name
    You can select the Expand arrow beside the server/domain/group name to display Directory Service domain and group information.

Server
    The name defined for the Directory Service server.

Domain
    Domain name imported from the Directory Service server.

Groups
    The group names imported from the Directory Service server.

FSAE Collector IP
    The IP addresses and TCP ports of up to five FSAE collector agents that send Directory Service server login information to the FortiGate unit.

Delete icon
    Delete this Directory Service server.

Edit icon
    Edit this Directory Service server.

Add User/Group
    Add a user or group to the list. You must know the distinguished name for the user or group.

Edit Users/Group
    Select users and groups to add to the list.

Configuring the FortiGate unit to use a Directory Service server

You need to configure the FortiGate unit to access at least one FSAE collector agent. You can specify up to five Directory Service servers on which you have installed a collector agent. If your FSAE collector agent requires authenticated access, enter the password for that server. The server name appears in the list of Directory Service servers when you create user groups. You can also retrieve information directly through an LDAP server instead of through the FSAE agent.

Note: You can create a redundant configuration on your FortiGate unit if you install a collector agent on two or more domain controllers. If the current collector agent fails, the FortiGate unit switches to the next one in its list of up to five collector agents.
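The constraints above (at least one and at most five collector agents, each an IP address and TCP port, a password where the agent requires authenticated access, and failover to the next agent in the list) as a small configuration check and failover model. This is an added example written for this page, not FortiOS code; the class names, the sample addresses and the reachability callback are all constructed assumptions.

```python
"""Model of a FortiGate Directory Service (FSAE) server entry as the guide
describes it. Constructed example, not FortiOS code."""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, List, Optional

MAX_COLLECTORS = 5  # the guide allows up to five collector agents


@dataclass
class CollectorAgent:
    ip: str     # IP address of the FSAE collector agent
    port: int   # TCP port the collector agent listens on


@dataclass
class DirectoryServiceServer:
    name: str
    collectors: List[CollectorAgent] = field(default_factory=list)
    requires_auth: bool = False          # agent requires authenticated access
    password: Optional[str] = None       # password entered for the server


def validate(cfg: DirectoryServiceServer) -> List[str]:
    """Return the list of configuration problems (empty when the entry is sound)."""
    problems = []
    if not cfg.name:
        problems.append("server name is required")
    if not cfg.collectors:
        problems.append("at least one FSAE collector agent is required")
    if len(cfg.collectors) > MAX_COLLECTORS:
        problems.append(f"at most {MAX_COLLECTORS} collector agents are allowed")
    for c in cfg.collectors:
        try:
            ipaddress.ip_address(c.ip)
        except ValueError:
            problems.append(f"invalid collector IP address: {c.ip!r}")
        if not 1 <= c.port <= 65535:
            problems.append(f"invalid TCP port for {c.ip}: {c.port}")
    if cfg.requires_auth and not cfg.password:
        problems.append("collector agent requires authenticated access but no password is set")
    return problems


def select_collector(cfg: DirectoryServiceServer,
                     is_up: Callable[[CollectorAgent], bool]) -> Optional[CollectorAgent]:
    """Failover as the note describes: use the first agent in list order that is
    reachable; when the current one fails, the next one in the list takes over."""
    for agent in cfg.collectors:
        if is_up(agent):
            return agent
    return None  # every collector agent in the list is down
```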

 

FortiOS v3.0 MR7 User Authentication User Guide

28

01-30007-0347-20080828
