Firewall policy authentication | Configuring authenticated access |
7 One at a time, select user group names from the Available Groups list and select the
8 To use a CA certificate for authentication, in Certificate, select the certificate to use from the
9 To require the user to accept a disclaimer to connect to the destination, select User Authentication Disclaimer.
The User Authentication Disclaimer replacement message is displayed. You can edit the User Authentication Disclaimer replacement message text by going to System > Config > Replacement Messages.
10 Type a URL in Redirect URL if the user is to be redirected after they are authenticated or accept the disclaimer.
11 Select OK.
Firewall policy order
The firewall policies that you create must be correctly placed in the policy list to be effective. The firewall evaluates a connection request by checking the policy list from the top down, looking for the first policy that matches the source and destination addresses of the packet. Keep these rules in mind:
• More specific policies must be placed above more general ones.
• Any policy that requires authentication must be placed above any similar policy that does not.
• If a user fails authentication, the firewall drops the request and does not check for a match with any of the remaining policies.
• If you create a policy that requires authentication for HTTP access to the Internet, you must precede this policy with a policy for unauthenticated access to the appropriate DNS server.
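The ordering rules above, as an added Python example that is not from the FortiOS guide: it models a top-down, first-match policy list and flags entries that break those rules. The `Policy` class, the `lint` function, the service names, the sample addresses, and matching on service as well as on addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass
class Policy:               # hypothetical model, not a FortiOS object
    name: str
    src: str                # source network (CIDR)
    dst: str                # destination network (CIDR)
    service: str            # "ANY", "HTTP", "DNS", ...
    auth: bool = False      # True if the policy requires authentication

def covers(a, b):
    """True if every connection that matches b also matches a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.service in ("ANY", b.service))

def lint(policies):
    """Check a first-match policy list (index 0 = top) against the ordering rules."""
    findings = []
    for i, low in enumerate(policies):
        for high in policies[:i]:
            if covers(high, low):   # 'low' can never be the first match
                kind = "auth-bypassed" if low.auth and not high.auth else "shadowed"
                findings.append((kind, low.name, high.name))
                break
        if low.auth and low.service == "HTTP":
            # Clients must resolve names before they can reach the auth prompt.
            dns_ok = any(p.service == "DNS" and not p.auth
                         and ip_network(low.src).subnet_of(ip_network(p.src))
                         for p in policies[:i])
            if not dns_ok:
                findings.append(("no-dns-before-auth", low.name, None))
    return findings

# Constructed sample lists (private and documentation address ranges).
BAD = [
    Policy("general-web", "10.0.0.0/8", "0.0.0.0/0", "HTTP"),
    Policy("auth-web", "10.1.0.0/16", "0.0.0.0/0", "HTTP", auth=True),
]
GOOD = [
    Policy("dns", "10.1.0.0/16", "192.0.2.53/32", "DNS"),
    Policy("auth-web", "10.1.0.0/16", "0.0.0.0/0", "HTTP", auth=True),
    Policy("general-web", "10.0.0.0/8", "0.0.0.0/0", "HTTP"),
]

if __name__ == "__main__":
    for label, plist in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, lint(plist))
```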
To change the position of the DNS server policy in the policy list
1 Go to Firewall > Policy.
2 If necessary, expand the list to view your policies.
3 Select the Move To icon beside the DNS policy you created.
Figure 24: Firewall > Policy - Move To (icons labelled: Move To, Delete, Edit, Insert Policy before)
| FortiOS v3.0 MR7 User Authentication User Guide |