Fortinet v3.0 MR7 manual Users/peers and user groups

Models: v3.0 MR7

Users/peers and user groups

FortiGate authentication controls system access by user group. First you configure users/peers, then you create user groups and add users/peers to them.

Configure local user accounts. For each user, you can choose whether the password is verified by the FortiGate unit, by a RADIUS server, by an LDAP server, or by a TACACS+ server. See “Creating local users” on page 34.

Configure your FortiGate unit to authenticate users by using your RADIUS, LDAP, or TACACS+ servers. See “Configuring the FortiGate unit to use a RADIUS server” on page 16, “Configuring the FortiGate unit to use an LDAP server” on page 21, and “Configuring the FortiGate unit to use a TACACS+ authentication server” on page 25.

Configure access to the FortiGate unit if you use a Directory Service server for authentication. See “Configuring the FortiGate unit to use a Directory Service server” on page 28.

Configure for certificate-based authentication for administrative access (HTTPS web-based manager), IPSec, SSL-VPN, and web-based firewall authentication.

For each network resource that requires authentication, you specify which user groups are permitted access to the network. There are three types of user groups: Firewall, Directory Service, and SSL VPN. See “Configuring user groups” on page 41 and “Configuring Directory Service user groups” on page 42.

This section describes:

Users/peers

User groups

Users/peers

A user is a user/peer account configured on the FortiGate unit and/or on a remote or external authentication server. Users can access resources that require authentication only if they are members of an allowed user group.

Table 2: How the FortiGate unit authenticates different types of users

| User type | Authentication |
| --- | --- |
| Local user with password stored on the FortiGate unit | The user name and password must match a user account stored on the FortiGate unit. |
| Local user with password stored on an authentication server | The user name must match a user account stored on the FortiGate unit and the user name and password must match a user account stored on the authentication server associated with that user. |
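The decision logic in Table 2, combined with the user group requirement stated above, can be modelled as follows. This is an added illustration, not FortiOS code or part of the original guide; every name in it (LocalUser, authenticate, may_access, radius1 and the sample accounts) is hypothetical.

```python
# Model of Table 2 for illustration; not FortiOS code, all names hypothetical.
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

@dataclass
class LocalUser:
    password: Optional[str] = None  # set: the FortiGate unit verifies the password
    server: Optional[str] = None    # set: the named remote server verifies it

def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())

def authenticate(users: Dict[str, LocalUser],
                 servers: Dict[str, Callable[[str, str], bool]],
                 name: str, password: str) -> bool:
    user = users.get(name)
    if user is None:
        return False  # no account on the unit, even if a server knows the name
    if user.server is not None:
        verify = servers.get(user.server)  # only the server tied to this user
        return verify is not None and verify(name, password)
    return user.password is not None and _same(user.password, password)

def may_access(users, servers, allowed_groups: Dict[str, Set[str]],
               name: str, password: str) -> bool:
    # Authentication alone is not enough: the user must also belong to
    # a user group permitted for the resource.
    return (authenticate(users, servers, name, password)
            and any(name in members for members in allowed_groups.values()))

# Constructed sample data (plaintext passwords only to keep the model short).
RADIUS_DB = {"bob": "r4dius-pw", "mallory": "only-on-radius"}

def radius1(name: str, password: str) -> bool:
    return name in RADIUS_DB and _same(RADIUS_DB[name], password)

SERVERS = {"radius1": radius1}
USERS = {"alice": LocalUser(password="local-pw"),
         "bob": LocalUser(server="radius1"),
         "carol": LocalUser(password="carol-pw")}
ALLOWED = {"staff": {"alice", "bob"}}

if __name__ == "__main__":
    for n, p in [("alice", "local-pw"), ("bob", "r4dius-pw"),
                 ("mallory", "only-on-radius"), ("carol", "carol-pw")]:
        print(n, may_access(USERS, SERVERS, ALLOWED, n, p))
```

In this model, mallory is rejected despite holding valid credentials on the server because no matching account exists on the unit, and carol authenticates but is refused because she is in no allowed group.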

FortiOS v3.0 MR7 User Authentication User Guide

01-30007-0347-20080828
