About this document, Authentication timeout

About this document

Introduction

Authentication timeout

An authenticated connection expires when it has been idle for a length of time that you specify. The authentication timeout value set in User > Authentication > Authentication applies to every user of the system. The choice of timeout duration is a balance between security and user convenience. The default is

5 minutes. For information about setting the authentication timeout, see “Authentication timeout” on page 47.

Firewall policies

Access control is defined in the firewall policy that provides access to the network resource. For example, access to the Internet through the external interface from workstations on the internal network is made possible by an Internal to External firewall policy.

Firewall policies apply web filtering, antivirus protection, and spam filtering to the traffic they control according to a protection profile. If the firewall policy requires authentication, the protection profile in the firewall policy is disabled. Instead, the protection profile is configured in the authenticating user group.

For more information about firewall policies and protection profiles, see the Firewall chapters of the FortiGate Administration Guide.

VPN tunnels

When you configure a PPTP or L2TP VPN, you choose one user group to be permitted access. For IPSec VPNs, you can use authentication by user group or XAUTH authentication using an external authentication server as an alternative to authentication by peer ID. Access to SSL VPN applications is controlled through user groups. When the remote client connects to the FortiGate unit, the FortiGate unit authenticates the user based on user name, password, and authentication domain. Authentication for a VPN allows access to only one group.

For more information about VPNs, see the FortiGate PPTP VPN User Guide,

FortiGate SSL VPN User Guide, or the FortiGate IPSec VPN User Guide.