Manuals / Fortinet / Computer Equipment / Network Card

Fortinet v3.0 MR7 Server Port, Common Name, Identifier, Distinguished Name, Query icon, Bind Type

Models: v3.0 MR7

1 66

Download 66 pages 4.08 Kb

Page 22

LDAP servers

Authentication servers

Figure 3: Configure FortiGate unit for LDAP authentication

Query Icon

Name	Enter the name that identifies the LDAP server on the FortiGate
	unit.
Server Name/IP	Enter the domain name or IP address of the LDAP server.
Server Port	Enter the TCP port used to communicate with the LDAP server.
	By default, LDAP uses port 389.
	If you use a secure LDAP server, the default port changes when
	you select Secure Connection.
Common Name	Enter the common name identifier for the LDAP server. The
Identifier	maximum number of characters is 20.
Distinguished Name	Enter the base distinguished name for the server using the
	correct X.500 or LDAP format. The FortiGate unit passes this
	distinguished name unchanged to the server. The maximum
	number of characters is 512.
Query icon	View the LDAP server Distinguished Name Query tree for the
	LDAP server that you are configuring so that you can cross-
	reference to the Distinguished Name.
	For more information, see the “Using the Query icon” on
	page 24.
Bind Type	Select the type of binding for LDAP authentication.
Regular	Connect to the LDAP server directly with user name/password,
	then receive accept or reject based on search of given values.
Anonymous	Connect as an anonymous user on the LDAP server, then
	retrieve the user name/password and compare them to given
	values.
Simple	Connect directly to the LDAP server with user name/password
	authentication.
Filter	Enter the filter to use for group searching. Available if Bind Type
	is Regular or Anonymous.
User DN	Enter the Distinguished name of the user to be authenticated.
	Available if Bind Type is Regular.
Password	Enter the password of the user to be authenticated. Available if
	Bind Type is Regular.
Secure Connection	Select to use a secure LDAP server connection for
	authentication.
	FortiOS v3.0 MR7 User Authentication User Guide

22	01-30007-0347-20080828

Image 22

Fortinet v3.0 MR7 Server Port, Common Name, Identifier, Distinguished Name, Query icon, Bind Type, Regular, Anonymous

Contents

E R G U I D E FortiOS v3.0 MR7 User Authentication User Guide TrademarksContents Index Configuring authenticated accessUsers/peers and user groups Creating local users Creating peer usersAbout authentication IntroductionWeb-based user authentication User’s view of authenticationVPN client-based authentication FortiGate administrator’s view of authentication See Creating local users on See Creating peer users onAuthentication servers See Configuring user groups onUsers Public Key Infrastructure PKI authenticationPeers User groupsFirewall policies Authentication timeoutAbout this document VPN tunnelsFortiGate documentation Name field, type adminTypographic conventions FortiGate Administration Guide Related documentationFortiMail documentation FortiManager documentationFortiClient documentation FortiAnalyzer documentationFortinet Knowledge Center Customer service and technical supportFortinet Tools and Documentation CD Comments on Fortinet technical documentationAuthentication servers Radius serversConfiguring the FortiGate unit to use a Radius server Radius attributes sent in Radius accounting messagePrimary Server Name/IP Primary Server SecretEdit icon Edit a Radius server configuration GroupLdap servers Ldapsearch -x objectclass= Configuring the FortiGate unit to use an Ldap server Common Name PasswordServer Port IdentifierProtocol To configure the FortiGate unit for Ldap authentication CLIEdit CertificateUsing the Query icon Ldap server Distinguished Name Query treeTACACS+ servers AsciiAuthentication Type Server KeyDirectory Service servers Groups Create NewDomain Fsae Collector IPDirectory Service server configuration Name Fsae Collector IP/Name PortCLI Example Directory Service server list Directory Service servers Users/peers and user groups Users/peersCreating local users User type AuthenticationTo create a local user web-based manager Go to User Local Delete icon Edit icon To view a list of all local users, go to User LocalTo create a local user CLI Creating peer users To remove a user from the FortiGate unit configuration CLIDelete icon To view a list of PKI peer users, go to User PKI Authenticating peer userSubject To create a peer user for PKI authentication CLI Remove PKI peer userUser groups Directory Service user groupsFirewall user groups SSL VPN user groups Protection profilesSelect Create New and enter the following information Configuring user groupsFirewall Members Configuring Directory Service user groupsTo create a firewall user group CLI FortiGuard WebConfiguring SSL VPN user groups Available Users/Groups or Available MembersTo create a peer group CLI Configuring Peer user groupsViewing a list of user groups Group NameConfig user group delete groupname End User groups Enter the Idle Timeout value seconds Select Apply Authentication timeoutAuthentication protocols TelnetFirewall policy authentication Authentication SettingsTo configure authentication for a firewall policy Configuring authentication for a firewall policyAuthentication is an Advanced firewall option Go to Firewall PolicyFirewall policy order Firewall Policy Move ToSource Interface Configuring authenticated access to the InternetZone Select Enable SSL-VPN and enter information as follows VPN authenticationConfiguring authentication of SSL VPN users Go to VPN SSLRequire Client Certificate Default RC4128Server Certificate Encryption Key AlgorithmTo configure authentication for an SSL VPN CLI Select Enable Pptp Configuring authentication of VPN peers and clientsConfiguring authentication of Pptp VPN users/user groups Select Require Client Certificate, and then select ApplyTo configure authentication for a Pptp VPN CLI Configuring authentication of L2TP VPN users/user groupsConfiguring authentication of remote IPSec VPN users To configure authentication for an L2TP VPN CLIOnly users with passwords on the FortiGate unit To configure user group authentication for dialup IPSec CLIRemote Gateway Configuring XAuth authentication IPSec configuration for dialup usersXAuth To configure authentication for a dialup IPSec VPN CLIRemote Gateway Authentication Method Server TypeVPN authentication Index 01-30007-0347-20080731 MS-CHAP VSA