Configuring authenticated access

Firewall policy authentication

The FortiGate unit performs authentication only on requests to access HTTP, HTTPS, FTP, and Telnet. Once the user is authenticated, the user can access other services if the firewall policy permits.

4 Select the position of the DNS policy so that it precedes the policy that provides access to the Internet.

Figure 25: Move firewall policy position selection

5 Select OK.

Configuring authenticated access to the Internet

A policy for accessing the Internet is similar to a policy for accessing a specific network, but the destination address is set to all. The destination interface is the one that connects to the Internet service provider. For general purpose Internet access, the Service is set to ANY.

Access to HTTP, HTTPS, FTP and Telnet sites may require access to a domain name service. DNS requests do not trigger authentication. You must configure a policy to permit unauthenticated access to the appropriate DNS server, and this policy must precede the policy for Internet access.

To configure a firewall policy for access to a DNS server - web-based manager

1 Go to Firewall > Policy.

2 Select Create New to create a new firewall policy, enter the following information, and select OK.

Source Interface/Zone         List of source interfaces available. Select the interface to which computers on your network are connected.
Source Address                List of source address names. Select all.
Destination Interface/Zone    List of destination interfaces available. Select the interface that connects to the Internet.
Destination Address           List of destination address names. Select all.
Schedule                      List of available schedules. Select always.
Service                       List of available services. Select DNS.
Action                        List of available authentication result actions. Select ACCEPT.

Note: Position the DNS server policy in the firewall policy list according to the guidelines outlined in “Firewall policy order”.
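The following added example (not part of the Fortinet guide) models top-down, first-match policy evaluation to show why the DNS policy must precede the authenticated Internet policy, and includes a check that flags the wrong order. The policy names, the outcome labels, and the simplified matching on service only are assumptions made for illustration.

```python
from dataclasses import dataclass

# Per the guide, only these services trigger the authentication prompt.
AUTH_TRIGGER = {"HTTP", "HTTPS", "FTP", "TELNET"}


@dataclass
class Policy:
    name: str            # hypothetical label, not a FortiOS identifier
    service: str         # a service name, or "ANY"
    requires_auth: bool

    def matches(self, service):
        return self.service in ("ANY", service)


def evaluate(policies, service, authenticated=False):
    """Outcome of the first policy that matches, scanning top-down."""
    for p in policies:
        if not p.matches(service):
            continue
        if not p.requires_auth or authenticated:
            return "accept"
        # Unauthenticated user hit an authenticating policy: only the
        # trigger services can start authentication, anything else fails.
        return "challenge" if service in AUTH_TRIGGER else "blocked"
    return "deny"  # nothing matched


def shadowing_policy(policies, service="DNS"):
    """Name of the authenticating policy that captures `service` before an
    unauthenticated policy can accept it, or None if the order is correct."""
    for p in policies:
        if p.matches(service):
            return p.name if p.requires_auth else None
    return None


# Constructed sample policies mirroring the two policies in this section.
DNS_POLICY = Policy("dns-unauthenticated", "DNS", requires_auth=False)
INTERNET_POLICY = Policy("internet-authenticated", "ANY", requires_auth=True)
RIGHT_ORDER = [DNS_POLICY, INTERNET_POLICY]
WRONG_ORDER = [INTERNET_POLICY, DNS_POLICY]

if __name__ == "__main__":
    for label, order in (("right", RIGHT_ORDER), ("wrong", WRONG_ORDER)):
        print(label, "DNS:", evaluate(order, "DNS"),
              "HTTP:", evaluate(order, "HTTP"),
              "shadowed by:", shadowing_policy(order))
```

In the wrong order the unauthenticated user can never resolve a host name, so the HTTP request that would trigger the login prompt is never sent.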

FortiOS v3.0 MR7 User Authentication User Guide

 

01-30007-0347-20080828
