Fortinet v3.0 MR7 manual Ms-Chap

Index

list order changing 50 firewall policy 50

local users configuring 34 creating 34

deleting from FortiGate configuration 36 removing from FortiGate configuration 36 viewing list of 35

M

MS-CHAP 25

N

Novell eDirectory - see Directory Service

P

PAP 25

peer user groups configuring 44 creating 44

peer users 33, 36 configuring 36 creating 36

deleting from FortiGate configuration 38 viewing list of 37

peers about 9

PKI authentication about 9

PKI authentication - see peer users policy

list order rules 50 port

RADIUS servers 16

PPTP VPN authentication 55 configuring authentication for 55 IP address range 55

protection profiles 40 protocols

authentication 47 LDAP servers 19

Q

Query list

LDAP Distinguished Name 24

R

RADIUS

XAuth authentication with 58 RADIUS attributes 15

RADIUS authentication servers 15 RADIUS servers

attribute dictionary 16 authenticating users with 34 changing default port 16 configuring FortiGate unit to use 16 default port 16

FortiOS v3.0 MR7 User Authentication User Guide

deleting from FortiGate configuration 18 port 16

removing from FortiGate configuration 18 VSA 16

removing

Directory Service servers from FortiGate configuration 30

LDAP servers from FortiGate configuration 23 local users from FortiGate configuration 36 peer users from FortiGate configuration 38 RADIUS server from FortiGate configuration 18 TACACS+ servers from FortiGate configuration 26 user group from FortiGate configuration 45

Require Client Certificate option 55 RFC compliance

LDAP servers 19 rules

firewall policy order 50

S

servers

configuring XAuth authentication using 58 setting

authentication protocols 48 firewall policy authentication 48 firewall user authentication timeout 47 SSL VPN authentication timeout 47, 54

SSL Client Certificate Restrictive option 55

SSL VPN

authentication timeout 47, 54 checking client certificates 53 configuring strong authentication 54 enabling strong authentication 54 setting the cipher suite 53 specifying server certificate 53 specifying timeout values 53 strong authentication 54

tunnel IP range 52 user authentication 52

SSL VPN user groups 40 configuring 40 creating 40

IPSec VPN dialup users 40 strong authentication 54

enabling 54

for SSL VPN users 54

T

TACACS+ servers 25 ASCII 25 authenticating users with 34 authentication protocols 25 changing default port 25 CHAP 25

configuring the FortiGate unit to use 25 default port 25

deleting from FortiGate configuration 26 MS-CHAP 25

PAP 25 port 25

removing from FortiGate configuration 26 technical support 14

01-30007-0347-20080731
