FortiGate-500 安装和配置指南 2.50

用户认证

FortiGate 支持使用 FortiGate 用户数据库、RADIUS 服务器和 LDAP 服务器的用户 认证。您可以把用户名添加到 FortiGate 用户数据库中,然后为用户设置一个密码以 允许用户使用这个内部数据库进行认证。也可以添加一个 RADIUS 服务器并且选择 RADIUS,以允许用户使用选定的 RADIUS 服务器进行认证或添加一个 LDAP 服务器并且 选择 LDAP,以允许用户使用选定的 LDAP 服务器进行认证。您还可以禁用某些用户使他 们无法通过 FortiGate 进行认证。

要启用认证,您须在一个或者多个用户组中添加用户名,也可以把 RADIUS 服务 器和 LDAP 服务器添加到用户组中。然后当您需要认证的时候,可以选择相应的用户 组。

可以在以下操作中要求认证:

·任何 动作 被设置为 接受 的防火墙策略 ·IPSec 拨号用户第一阶段配置

·第一阶段 IPSec VPN 配置的 XAuth 功能 ·PPTP

·L2TP

当一个用户输入用户名和密码时,FortiGate 在内部用户数据库上搜索匹配的用户 名。如果这个用户名被设置成了禁用,那这个用户就无法取得认证,连接将被放。 如果这个用户设置了密码并且密码匹配,那就允许连接。如果密码不匹配,连接同 样会被放

如果选择的是 RADIUS,而且配置了 RADIUS 支持,用户名和密码与 RADIUS 服务器 中的用户名和密码相匹配,则允许连接。如果用户名和密码不同于 RADIUS 服务器中的 用户名和密码,连接将被放

如果选择的是 LDAP,而且配置了 LDAP 支持,用户名和密码与 LDAP 服务器中的用 户名和密码相匹配,则允许连接。如果用户名和密码不同于 LDAP 服务器中的用户名和 密码,连接将被放

如果在用户组中包含了用户名、RADIUS 服务器和 LDAP 服务器,FortiGate 设备按 它们被添加到用户组的顺序在其中检索用户名。

本章描述了以下内容:

·设置认证超时

·添加用户名并配置认证

·配置 RADIUS 支持

·配置 LDAP 支持 ·配置用户组

FortiGate-500 安装和配置指南

173

Page 185
Image 185
Fortinet 500 manual 173, ·设置认证超时 ·添加用户名并配置认证 ·配置 Radius 支持 ·配置 Ldap 支持 ·配置用户组

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.