Fortinet v3.0 MR7 manual 01-30007-0347-20080731

Index

FSAE collector agent 27
FSAE domain controller 27
redundant configuration 28
removing from FortiGate configuration 30
retrieving information from LDAP server 28
viewing domain and group information 30
viewing list of 28

Directory Service user groups
  configuring 42
  creating 42
distinguished names
  elements 20
  LDAP servers 20
  list of 24
DNS server
  access using firewall policy 51
Document conventions 10
documentation
  commenting on 14
  Fortinet 11
  Fortinet product 12
domain component
  LDAP servers 20
domain controller 27

E

edirectory - see Directory Service
elements
  distinguished names 20
enabling
  SSL VPN strong authentication 54

F

firewall
  configuring user groups 41
  creating user groups 41
  DNS server access 51
  Internet access authentication 51
  IPSec VPN dialup user access 39
  policy authentication 48, 49
  user authentication timeout 47
  user groups 39
firewall policies
  FortiGate administrator’s view 10
firewall policy
  changing list order 50
  list order 50
  list order rules 50
  strong authentication 55
FortiGate
  authenticating users 33
  authenticating with XAuth 58
  configuring to use Directory Service server 28
  configuring to use LDAP server 21
  configuring to use RADIUS server 16
  configuring to use TACACS+ server 25
  IPSec VPN 56
  viewing information sent to Directory Service servers 30
FortiGate administrator
  authentication 7
  authentication servers 8
FortiGate administrator’s view
  firewall policies 10
  VPN tunnels 10
Fortinet
  customer service 14
  Knowledge Center 14
  product documentation 12
  technical support 14
Fortinet documentation 11
  commenting on 14
Fortinet Knowledge Center 14
Fortinet Server Authentication Extension - see FSAE
FSAE 27
  collector agent 27
  components 27
  domain controller 27

H

hierarchy
  LDAP servers 20

I

Idle timeout
  VPN connection 7
Internet access authentication 51
introduction
  Fortinet documentation 11
IP address range
  setting for L2TP VPN 56
  setting for PPTP VPN 55
  setting for SSL VPN 52
IPSec VPN
  configuring authentication for 56
  dialup users, access to 40
  dialup users, configuring authentication for 56

K

Knowledge Center 14

L

L2TP VPN
  configuring authentication for 56
LDAP
  XAuth authentication with 58
LDAP servers 19
  authenticating users with 34
  binding 19
  common name 20
  configuring FortiGate unit to use 21
  deleting from FortiGate configuration 23
  directory 19
  Distinguished Name Query list 24
  distinguished names 20
  domain component 20
  hierarchy 20
  protocols 19
  removing from FortiGate configuration 23
  RFC compliance 19
  using with Directory Service authentication 28

FortiOS v3.0 MR7 User Authentication User Guide
