Fortinet v3.0 MR7 VPN authentication

FortiOS v3.0 MR7 User Authentication User Guide

52 01-30007-0347-20080828

VPN authentication Configuring authenticated access

VPN authentication

All VPN configurations require users to authenticate. Authentication based on

user groups applies to:

• SSL VPNs

• PPTP and L2TP VPNs

• an IPSec VPN that authenticates users using dialup groups

• a dialup IPSec VPN that uses XAUTH authentication (Phase 1)

This document does not describe the use of certificates for VPN authentication.

See the FortiGate IPSec VPN User Guide and the FortiGate Certificate

Management User Guide for information on this type of authentication.

You must create user accounts and user groups before performing the procedures

in this section. If you create a user group for dialup IPSec clients or peers that

have unique peer IDs, their user accounts must be stored locally on the FortiGate

unit. You cannot authenticate these types of users using a RADIUS or LDAP

server.

Configuring authentication of SSL VPN users

To configure authentication for an SSL VPN - web-based manager

1Configure the users who are permitted to use this VPN. Create a user group and

add them to it.

For more information, see “Users/peers and user groups” on page 33.

2Go to VPN > SSL.

3Select Enable SSL-VPN and enter information as follows:

Figure 26: SSL VPN Settings

Enable SSL VPN Select to enable SSL VPN connections.

Tunnel IP Range Specify the range of IP addresses reserved for tunnel-

mode SSL VPN clients. Type the starting and ending

address that defines the range of reserved IP

addresses.

Contents

Main Page Contents FortiGate authentication servers.................................................... 15 Users/peers and user groups......................................................... 31 Configuring authenticated access................................................. 43 Introduction About authentication Users view of authentication Web-based user authentication VPN client-based authentication FortiGate administrators view of authentication Authentication servers Public Key Infrastructure (PKI) authentication Peers Users User groups Authentication timeout About this document Document conventions Typographic conventions FortiGate documentation ! Related documentation FortiManager documentation FortiClient documentation FortiMail documentation FortiAnalyzer documentation Fortinet Tools and Documentation CD Customer service and technical support Authentication servers RADIUS servers Configuring the FortiGate unit to use a RADIUS server Page Page LDAP servers Page Configuring the FortiGate unit to use an LDAP server Page Page Using the Query icon TACACS+ servers Configuring the FortiGate unit to use a TACACS+ authentication server Page Directory Service servers Configuring the FortiGate unit to use a Directory Service server Page Page Page Page Users/peers and user groups Users/peers Creating local users Page Creating peer users Page Page User groups Firewall user groups Directory Service user groups SSL VPN user groups Protection profiles Configuring user groups Configuring Directory Service user groups Configuring SSL VPN user groups Configuring Peer user groups Viewing a list of user groups Page Page Configuring authenticated access Authentication timeout Authentication protocols Firewall policy authentication Configuring authentication for a firewall policy Firewall policy order Configuring authenticated access to the Internet VPN authentication Configuring authentication of SSL VPN users Page Configuring strong authentication of SSL VPN users/user groups Configuring authentication of VPN peers and clients Configuring authentication of PPTP VPN users/user groups Configuring authentication of L2TP VPN users/user groups Configuring authentication of remote IPSec VPN users Page Configuring XAuth authentication Page Page Index A B C D E F H I K M N P Q R U V W X