FortiGate-400 Installation and Configuration Guide Version 2.50 MR2

Users and authentication

FortiGate units support user authentication to the FortiGate user database, to a RADIUS server, and to an LDAP server. You can add user names to the FortiGate user database and then add a password to allow the user to authenticate using the internal database. You can also add the names of RADIUS and LDAP servers. You can select RADIUS to allow the user to authenticate using the selected RADIUS server or LDAP to allow the user to authenticate using the selected LDAP server. You can disable a user name so that the user cannot authenticate.

To enable authentication, you must add user names to one or more user groups. You can also add RADIUS servers and LDAP servers to user groups. You can then select a user group when you require authentication.

You can select user groups to require authentication for:

any firewall policy with Action set to ACCEPT

IPSec dialup user phase 1 configurations

XAuth functionality for Phase 1 IPSec VPN configurations

PPTP

L2TP

When a user enters a user name and password, the FortiGate unit searches the internal user database for a matching user name. If Disable is selected for that user name, the user cannot authenticate and the connection is dropped. If Password is selected for that user and the password matches, the connection is allowed. If the password does not match, the connection is dropped.

If RADIUS is selected and RADIUS support is configured and the user name and password match a user name and password on the RADIUS server, the connection is allowed. If the user name and password do not match a user name and password on the RADIUS server, the connection is dropped.

If LDAP is selected and LDAP support is configured and the user name and password match a user name and password on the LDAP server, the connection is allowed. If the user name and password do not match a user name and password on the LDAP server, the connection is dropped.

If the user group contains user names, RADIUS servers, and LDAP servers, the FortiGate unit checks them in the order in which they have been added to the user group.
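The lookup flow described above, as a small Python model (an added example, not FortiGate code or configuration). The user names, passwords and server labels are constructed, the external servers are stand-in callables, and the fall-through from a rejecting server to the next group member is an assumption of this model that should be confirmed on the unit.

```python
import hmac

# Constructed sample data; names, passwords and server labels are hypothetical.
USERS = {  # internal user database: the setting selected for each user name
    "alice": {"type": "password", "password": "correct-horse"},
    "bob":   {"type": "disable"},
    "carol": {"type": "radius", "server": "radius1"},
}
# Stand-ins for external servers: callables returning True on a credential match.
SERVERS = {
    "radius1": lambda u, p: (u, p) in {("carol", "r-pass"), ("bob", "r-pass")},
    "ldap1":   lambda u, p: (u, p) in {("dave", "l-pass")},
}

def check_user(entry, name, password, servers):
    """Outcome for a user name found in the internal database."""
    if entry["type"] == "disable":
        return False                      # Disable selected: connection dropped
    if entry["type"] == "password":
        return hmac.compare_digest(entry["password"], password)
    return servers[entry["server"]](name, password)  # RADIUS or LDAP selected

def authenticate(group, name, password, users=USERS, servers=SERVERS):
    """Walk group members in the order added; return (allowed, decided_by)."""
    for kind, ref in group:
        if kind == "user":
            if ref != name:
                continue
            # A matching user name is decisive either way, as the text describes.
            return check_user(users[ref], name, password, servers), f"user:{ref}"
        # Assumption of this model: a rejecting server falls through to the next member.
        if servers[ref](name, password):
            return True, f"{kind}:{ref}"
    return False, "no member accepted"

GROUP_A = [("user", "alice"), ("user", "bob"), ("radius", "radius1"), ("ldap", "ldap1")]
GROUP_B = [("radius", "radius1"), ("user", "bob")]  # same entries for bob, other order

if __name__ == "__main__":
    for grp, who, pw in [(GROUP_A, "alice", "correct-horse"), (GROUP_A, "bob", "r-pass"),
                         (GROUP_A, "dave", "l-pass"), (GROUP_B, "bob", "r-pass")]:
        print(who, authenticate(grp, who, pw))
```

In this model the disabled entry for bob only takes effect when it is reached before a server that still holds credentials for him, which is the case to check when reviewing the order of members in a group.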
