Fortinet v3.0 MR7 manual Index

Index

A

Active Directory - see Directory Service
administrator
  authentication 7
ASCII 25
attributes
  RADIUS 15
authenticated access
  configuring 47
authenticating users
  FortiGate 33
  with LDAP servers 34
  with RADIUS servers 34
  with TACACS+ servers 34
authentication 54
  about 5
  access to DNS server 51
  certificate 54
  firewall policy 48, 49
  FortiGate administrator 7
  Internet access 51
  IPSec VPN 56
  L2TP 56
  PKI 9
  PPTP VPN 55
  protocols 47
  SSL VPN 52
  SSL VPN timeout 54
  strong 54
  timeout 47
  user’s view 6
  VPN 52, 55
  VPN client-based 6
  web-based user 6
  XAuth 58
authentication protocols
  ASCII 25
  CHAP 25
  MS-CHAP 25
  PAP 25
  setting 48
  TACACS+ servers 25
authentication servers
  about 8
  Directory Service 27
  LDAP 19
  RADIUS 15
  TACACS+ 25
authentication timeout 10
  firewall 47
  setting 47
  SSL VPN 47, 54

B

binding
  LDAP servers 19

FortiOS v3.0 MR7 User Authentication User Guide

C

certificate authentication 54
changing
  list order 50
CHAP 25
collector agent 27
common name
  LDAP servers 20
configuring
  authenticated access 47
  Directory Service user groups 42
  firewall policy authentication 49
  Internet access authentication 51
  IPSec VPN authentication 56
  L2TP VPN authentication 56
  local users 34
  peer user groups 44
  peer users 36
  PPTP VPN authentication 55
  SSL VPN authentication 52
  XAuth authentication for IPSec dialup users 58
  XAuth authentication with LDAP servers 58
  XAuth authentication with RADIUS servers 58
creating
  Directory Service user groups 42
  local users 34
  peer user groups 44
  peer users 36
  user groups 41
customer service 14

D

default port
  RADIUS servers 16
  TACACS+ servers 25
deleting
  Directory Service server from FortiGate configuration 30
  LDAP server from FortiGate configuration 23
  local users from FortiGate configuration 36
  peer users from FortiGate configuration 38
  RADIUS server from FortiGate configuration 18
  TACACS+ server from FortiGate configuration 26
  user group from FortiGate configuration 45
dialup users
  configuring authentication for 56
dictionary
  RADIUS attributes 16
directory
  LDAP servers 19
Directory Service
  user groups 39
Directory Service servers 27
  configuring FortiGate unit to use 28
  deleting from FortiGate configuration 30
  FSAE 27

01-30007-0347-20080731
