User groups | Users/peers and user groups |
Members | The list of Local users, RADIUS servers, LDAP servers, TACACS+ servers, Directory Service users/user groups, or PKI users that belong to the user group. To remove a member, select the name and then select the Left Arrow. |
FortiGuard Web Filtering Override | Available only if Type is Firewall or Directory Service. Select the Expand Arrow to configure Web Filtering override capabilities for this group. |
3 Select OK.
To create a firewall user group - CLI
config user group
edit <group_name>
set
set member <user1> <user2> ... <usern>
set profile <profile_name>
end
For more specific user group CLI commands, see the Fortinet CLI Guide.
Configuring Directory Service user groups
On a network, you can configure the FortiGate unit to allow access to members of Directory Service server user groups who have been authenticated on the network. The Fortinet Server Authentication Extensions (FSAE) must be installed on the network domain controllers.
Note: You cannot use Directory Service user groups directly in FortiGate firewall policies. You must add Directory Service groups to FortiGate user groups. A Directory Service group should belong to only one FortiGate user group. If you assign it to multiple FortiGate user groups, the FortiGate unit recognizes only the last user group assignment.
A Directory Service user group provides access to a firewall policy that requires Directory Service type authentication and lists the user group as one of the allowed groups. The members of the user group are Directory Service users or groups that you select from a list that the FortiGate unit receives from the Directory Service servers that you have configured.
Note: A Directory Service user group cannot have SSL VPN access.
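The note above says that a Directory Service group assigned to several FortiGate user groups is recognized only in the last assignment. The following check is an added example, not part of the original guide or Fortinet's tooling: it scans a saved `config user group` block and reports such groups. The sample configuration and all names in it are constructed, the set of Directory Service group names is assumed to be supplied by the auditor, and configuration order is assumed to match assignment order.

```python
import shlex
from collections import defaultdict

# Constructed sample; group and member names are invented for illustration.
SAMPLE_CONFIG = """
config user group
    edit "Sales_FW"
        set member "CORP/Sales" "alice"
    next
    edit "Eng_FW"
        set member "CORP/Engineering" "alice"
    next
    edit "Contractors_FW"
        set member "CORP/Sales" "CORP/Contractors"
    next
end
"""

def parse_user_groups(config_text):
    """Return {fortigate_group: [members]} from a flat 'config user group' block."""
    groups, in_block, current = {}, False, None
    for raw in config_text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        if tokens == ["config", "user", "group"]:
            in_block = True
        elif in_block and tokens[0] == "end":
            in_block, current = False, None
        elif in_block and tokens[0] == "edit" and len(tokens) == 2:
            current = tokens[1]
            groups[current] = []
        elif in_block and current and tokens[:2] == ["set", "member"]:
            groups[current] = tokens[2:]  # a later 'set member' replaces the list
    return groups

def find_multi_assigned(groups, ds_groups):
    """Map each Directory Service group that is listed in more than one
    FortiGate user group to those user groups, in configuration order."""
    seen = defaultdict(list)
    for fg_group, members in groups.items():
        for member in members:
            if member in ds_groups:  # local users may sit in several groups
                seen[member].append(fg_group)
    return {m: g for m, g in seen.items() if len(g) > 1}

if __name__ == "__main__":
    ds = {"CORP/Sales", "CORP/Engineering", "CORP/Contractors"}
    for name, fgs in find_multi_assigned(parse_user_groups(SAMPLE_CONFIG), ds).items():
        print(f"{name}: listed in {fgs}; only the last assignment is recognized")
```

Any group the check reports should be left in exactly one FortiGate user group, so that the firewall policies it reaches are the ones intended.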
To create a Directory Service user group
1 Go to User > User Group.
2 Select Create New, enter the following information, and select OK.
| FortiOS v3.0 MR7 User Authentication User Guide |