Fortinet v3.0 MR7 Firewall policy authentication

FortiOS v3.0 MR7 User Authentication User Guide

48 01-30007-0347-20080828

Firewall policy authentication Configuring authenticated access

When user authentication is enabled on a firewall policy, the authentication

challenge is normally issued for any of the four protocols (dependent on the

connection protocol). By making selections in the Protocol Support list, the user

controls which protocols support the authentication challenge. The user must

connect with a supported protocol first so they can subsequently connect with

other protocols. If you have selected HTTP, FTP, or Telnet, user name and

password-based authentication occurs: the FortiGate unit prompts network users

to input their firewall user name and password. If you have selected HTTPS,

certificate-based authentication (HTTPS, or HTTP redirected to HTTPS only)

occurs: you must install customized certificates on the FortiGate unit and on the

browsers of network users.

To set the authentication protocols

1Go to User > Authentication.

2In Protocol Support, select the required authentication protocols.

3If using HTTPS protocol support, in Certificate, select a Local certificate from the

drop-down list.

4Click Apply.

Figure 22: Authentication Settings

Firewall policy authentication

Firewall policies control traffic between FortiGate interfaces, both physical

interfaces and VLAN subinterfaces. Without authentication, a firewall policy

enables access from one network to another for all users on the source network.

Authentication enables you to allow access only for users who are members of

selected user groups.

Note: If you do not install certificates on the network user’s web browser, the network users

may see an SSL certificate warning message and have to manually accept the default

FortiGate certificate. The network user’s web browser may deem the default certificate as

invalid.

Note: When you use certificate authentication, if you do not specify any certificate when

you create the firewall policy, the global settings are used. If you specify a certificate, the

per-policy setting will overwrite the global setting. For information about the use of

certificate authentication, see the FortiGate Certificate Management User Guide.