VPN authentication

Configuring authenticated access

All VPN configurations require users to authenticate. Authentication based on user groups applies to:

SSL VPNs

PPTP and L2TP VPNs

an IPSec VPN that authenticates users using dialup groups

a dialup IPSec VPN that uses XAUTH authentication (Phase 1)

This document does not describe the use of certificates for VPN authentication. See the FortiGate IPSec VPN User Guide and the FortiGate Certificate Management User Guide for information on this type of authentication.

You must create user accounts and user groups before performing the procedures in this section. If you create a user group for dialup IPSec clients or peers that have unique peer IDs, their user accounts must be stored locally on the FortiGate unit. You cannot authenticate these types of users using a RADIUS or LDAP server.

Configuring authentication of SSL VPN users

To configure authentication for an SSL VPN - web-based manager

1. Configure the users who are permitted to use this VPN. Create a user group and add them to it.

For more information, see “Users/peers and user groups” on page 33.

2. Go to VPN > SSL.

3. Select Enable SSL-VPN and enter information as follows:

Figure 26: SSL VPN Settings

Enable SSL VPN

Select to enable SSL VPN connections.

Tunnel IP Range

Specify the range of IP addresses reserved for tunnel-mode SSL VPN clients. Type the starting and ending address that defines the range of reserved IP addresses.

FortiOS v3.0 MR7 User Authentication User Guide

01-30007-0347-20080828
