User’s view of authentication | Introduction |
User’s view of authentication
The user sees a request for authentication when they try to access a protected resource. The way in which the request is presented to the user depends on the method of access to that resource.
VPN authentication usually controls remote access to a private network.
Web-based user authentication
Firewall policies usually control browsing access to an external network that provides connection to the Internet. In this case, the FortiGate unit requests authentication through the web browser:
The user types a user name and password and then selects Continue/Login. If the credentials are incorrect, the authentication screen is redisplayed with blank fields so that the user can try again. When the user enters valid credentials, they get access to the required resource. In some cases, if a user tries to authenticate several times without success, a message appears, such as: “Too many bad login attempts. Please try again in a few minutes.”
Note: After a defined period of user inactivity (the authentication timeout, defined by the FortiGate administrator), the user access will expire. The default is 5 minutes. To access the resource, the user will have to authenticate again.
VPN client-based authentication
VPNs provide remote clients with access to a private network for a variety of services that include web browsing, email, and file sharing. A client program such as FortiClient negotiates the connection to the VPN and manages the user authentication challenge from the FortiGate unit.
| FortiOS v3.0 MR7 User Authentication User Guide |
6 |