Firewall policy authentication

Configuring authenticated access

When user authentication is enabled on a firewall policy, the authentication challenge is normally issued for any of the four supported protocols (HTTP, HTTPS, FTP, or Telnet), depending on the protocol of the connection. The selections you make in the Protocol Support list determine which of these protocols carry the authentication challenge. A user must first connect with one of the selected protocols and authenticate; once authenticated, the user can connect through the policy with other protocols as well. If you select HTTP, FTP, or Telnet, user name and password-based authentication occurs: the FortiGate unit prompts network users for their firewall user name and password. Because these three protocols are not encrypted, the credentials cross the network in cleartext. If you select HTTPS, certificate-based authentication (HTTPS, or HTTP redirected to HTTPS only) occurs: you must install customized certificates on the FortiGate unit and on the web browsers of network users.

Note: If you do not install the certificate on the network user's web browser, the browser may treat the default FortiGate certificate as invalid. The user then sees an SSL certificate warning and has to accept the default certificate manually. Users who are accustomed to clicking through such warnings are less likely to notice a certificate presented by a man-in-the-middle, so installing a certificate the browser trusts is preferable.

Note: When you use certificate authentication, if you do not specify a certificate when you create the firewall policy, the global setting is used. If you specify a certificate, the per-policy setting overrides the global setting. For information about certificate authentication, see the FortiGate Certificate Management User Guide.

To set the authentication protocols

1. Go to User > Authentication.

2. In Protocol Support, select the required authentication protocols.

3. If you are using HTTPS protocol support, in Certificate, select a Local certificate from the drop-down list.

4. Click Apply.

Figure 22: Authentication Settings
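The procedure above and the notes on cleartext protocols and the default certificate translate into two checks a practitioner can automate when reviewing exported configurations. The following is an added example, not Fortinet code and not part of this guide: a small linter that reads a FortiOS-style `config user setting` block and flags the weak choices described on this page. The CLI keywords it looks for (`config user setting`, `set auth-type`, `set auth-cert`) are assumed from the FortiOS 3.0 CLI and should be confirmed against the CLI Reference for your firmware; the two configuration fragments are constructed for the example.

```python
"""Lint a FortiOS-style `config user setting` block for the firewall
authentication protocol choices described on this page.

Added example, not Fortinet code.  The CLI keywords `config user setting`,
`set auth-type` and `set auth-cert` are ASSUMED from the FortiOS 3.0 CLI;
confirm them against the CLI Reference for your firmware.
"""
import re

# Challenges issued over these protocols carry the firewall user name and
# password in cleartext.
CLEARTEXT = {"http", "ftp", "telnet"}
# Per this page, the challenge is normally issued for all four protocols.
ALL_PROTOCOLS = {"http", "https", "ftp", "telnet"}


def parse_user_setting(cfg: str) -> dict:
    """Return the `set <key> <values...>` lines inside
    `config user setting ... end` as {key: [tokens]} (quotes stripped)."""
    m = re.search(r"config user setting\s*(.*?)\bend\b", cfg, re.S)
    if not m:
        raise ValueError("no 'config user setting' block found")
    settings = {}
    for line in m.group(1).splitlines():
        line = line.strip()
        if not line.startswith("set "):
            continue
        key, _, value = line[4:].partition(" ")
        settings[key] = [tok.strip('"') for tok in value.split()]
    return settings


def lint_auth_protocols(cfg: str) -> list:
    """Return a list of finding tags for the weak settings this page warns about:
    - cleartext-challenge:<protocols>  HTTP/FTP/Telnet challenges expose passwords
    - https-default-certificate        HTTPS selected but no Local certificate,
                                       so the default FortiGate certificate
                                       (which browsers may reject) is used
    """
    s = parse_user_setting(cfg)
    # No auth-type line means the documented default: all four protocols.
    protocols = set(s.get("auth-type", ALL_PROTOCOLS))
    findings = []
    weak = sorted(protocols & CLEARTEXT)
    if weak:
        findings.append("cleartext-challenge:" + ",".join(weak))
    if "https" in protocols and "auth-cert" not in s:
        findings.append("https-default-certificate")
    return findings


# Constructed sample: every protocol enabled, no certificate chosen.
WEAK_CONFIG = """
config user setting
    set auth-type http ftp telnet https
end
"""

# Constructed sample: HTTPS only, with a Local certificate (hypothetical name).
HARDENED_CONFIG = """
config user setting
    set auth-type https
    set auth-cert "portal-cert"
end
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, lint_auth_protocols(cfg) or ["no findings"])
```

The linter only reports what this page supports: a cleartext challenge protocol, and HTTPS without an explicitly selected certificate. A block that omits `auth-type` entirely is treated as the default of all four protocols, as the page describes, and is therefore reported as well.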

Firewall policy authentication

Firewall policies control traffic between FortiGate interfaces, both physical interfaces and VLAN subinterfaces. Without authentication, a firewall policy enables access from one network to another for all users on the source network. Authentication enables you to allow access only for users who are members of selected user groups.

 

FortiOS v3.0 MR7 User Authentication User Guide


01-30007-0347-20080828
