Manuals / Fortinet / Computer Equipment / Network Card

Fortinet v3.0 MR7 Configuring SSL VPN user groups, Available Users/Groups or Available Members

Models: v3.0 MR7

1 66

Download 66 pages 4.08 Kb

Page 43


Users/peers and user groups	User groups

Figure 19: User group configuration - Directory Service

Right Arrow



			Left Arrow
Expand Arrow			Left Arrow
Expand Arrow
Name		Type or enter the name of the user group.
Type		Select the user group type:
		Firewall		Select this group in any firewall policy that
				requires Firewall authentication.
		Directory Service Select this group in any firewall policy that
				requires Directory Service authentication.
		SSL VPN		Select this group in any firewall policy with
				Action set to SSL VPN.
				Not available in Transparent mode.
Protection Profile		Available only if Type is Firewall or Directory Service.
		Select a protection profile for this user group from the list. To
		create a new protection profile, select Create New from this list.
		Enter the appropriate information and select OK.

Available Users/Groups or

Available Members*

Members

The list of Local users, RADIUS servers, LDAP servers, TACACS+ servers, Directory Service users/user groups, or PKI users that can be added to the user group. To add a member to this list, select the name and then select the Right Arrow.

* Available Members if user group type is Directory Service.

The list of Local users, RADIUS servers, LDAP servers, TACACS+ servers, Directory Service users/user groups, or PKI users that belong to the user group. To remove a member, select the name and then select the Left Arrow.

FortiGuard Web	Available only if Type is Firewall or Directory Service.
Filtering Override	Configure Web Filtering override capabilities for this group.
SSL-VPN User Group	Available only if Type is SSL VPN.
Options

Configuring SSL VPN user groups

For detailed instructions about how to configure SSL VPN web-only mode or tunnel mode operation, see the FortiGate SSL VPN User Guide.

FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828	43

Image 43

Fortinet v3.0 MR7 manual Configuring SSL VPN user groups, Available Users/Groups or Available Members

Contents

E R G U I D E Trademarks FortiOS v3.0 MR7 User Authentication User GuideContents Creating local users Creating peer users Configuring authenticated accessUsers/peers and user groups IndexIntroduction About authenticationWeb-based user authentication User’s view of authenticationVPN client-based authentication See Creating local users on See Creating peer users on FortiGate administrator’s view of authenticationSee Configuring user groups on Authentication serversUser groups Public Key Infrastructure PKI authenticationPeers UsersVPN tunnels Authentication timeoutAbout this document Firewall policiesFortiGate documentation Name field, type adminTypographic conventions Related documentation FortiGate Administration GuideFortiAnalyzer documentation FortiManager documentationFortiClient documentation FortiMail documentationComments on Fortinet technical documentation Customer service and technical supportFortinet Tools and Documentation CD Fortinet Knowledge CenterRadius servers Authentication serversRadius attributes sent in Radius accounting message Configuring the FortiGate unit to use a Radius serverPrimary Server Secret Primary Server Name/IPGroup Edit icon Edit a Radius server configurationLdap servers Ldapsearch -x objectclass= Configuring the FortiGate unit to use an Ldap server Identifier PasswordServer Port Common NameCertificate To configure the FortiGate unit for Ldap authentication CLIEdit ProtocolLdap server Distinguished Name Query tree Using the Query iconAscii TACACS+ serversServer Key Authentication TypeDirectory Service servers Fsae Collector IP Create NewDomain GroupsFsae Collector IP/Name Port Directory Service server configuration NameCLI Example Directory Service server list Directory Service servers Users/peers Users/peers and user groupsCreating local users User type AuthenticationTo create a local user web-based manager Go to User Local Delete icon Edit icon To view a list of all local users, go to User LocalTo create a local user CLI Creating peer users To remove a user from the FortiGate unit configuration CLIDelete icon To view a list of PKI peer users, go to User PKI Authenticating peer userSubject Remove PKI peer user To create a peer user for PKI authentication CLIUser groups Directory Service user groupsFirewall user groups Protection profiles SSL VPN user groupsSelect Create New and enter the following information Configuring user groupsFirewall FortiGuard Web Configuring Directory Service user groupsTo create a firewall user group CLI MembersAvailable Users/Groups or Available Members Configuring SSL VPN user groupsGroup Name Configuring Peer user groupsViewing a list of user groups To create a peer group CLIConfig user group delete groupname End User groups Telnet Authentication timeoutAuthentication protocols Enter the Idle Timeout value seconds Select ApplyAuthentication Settings Firewall policy authenticationGo to Firewall Policy Configuring authentication for a firewall policyAuthentication is an Advanced firewall option To configure authentication for a firewall policyFirewall Policy Move To Firewall policy orderSource Interface Configuring authenticated access to the InternetZone Go to VPN SSL VPN authenticationConfiguring authentication of SSL VPN users Select Enable SSL-VPN and enter information as followsEncryption Key Algorithm Default RC4128Server Certificate Require Client CertificateTo configure authentication for an SSL VPN CLI Select Require Client Certificate, and then select Apply Configuring authentication of VPN peers and clientsConfiguring authentication of Pptp VPN users/user groups Select Enable PptpTo configure authentication for an L2TP VPN CLI Configuring authentication of L2TP VPN users/user groupsConfiguring authentication of remote IPSec VPN users To configure authentication for a Pptp VPN CLIOnly users with passwords on the FortiGate unit To configure user group authentication for dialup IPSec CLIRemote Gateway IPSec configuration for dialup users Configuring XAuth authenticationServer Type To configure authentication for a dialup IPSec VPN CLIRemote Gateway Authentication Method XAuthVPN authentication Index 01-30007-0347-20080731 MS-CHAP VSA