Configuring authenticated access

VPN authentication

Note: The SSL protocol requires that the FortiGate unit identify itself whenever a web browser accesses the web portal login page through an HTTPS link. If you would like to configure the FortiGate unit to identify itself using a CA-issued server certificate instead of the factory-installed self-signed certificate, select the name of the signed server certificate from the Server Certificate list on the SSL-VPN Settings page when you enable strong authentication for SSL VPN users. The server certificate must be installed before you can select it from the list. For more information about server certificates, see the FortiGate Certificate Management User Guide.

To enable strong authentication for an SSL VPN

1. Go to VPN > SSL > Config.

2. Select Require Client Certificate, and then select Apply.

3. Go to Firewall > Policy.

4. Select the Edit icon in the row that corresponds to the firewall policy for traffic generated by holders of the group certificate.

5. Select SSL Client Certificate Restrictive.

6. Select OK.

For information about how to create user accounts and user groups, see the FortiGate Administration Guide. For detailed information about configuring SSL VPNs, see the FortiGate SSL VPN User Guide.

Configuring authentication of VPN peers and clients

After the required server or group certificates and CA root certificates have been installed on the VPN peers and clients, the peers and clients identify themselves using those certificates when prompted by the FortiGate unit. The FortiGate unit provides its public key to the remote peer or client so that the remote peer or client can send encrypted messages to the FortiGate unit. Conversely, the remote peer or client provides its public key to the FortiGate unit, which uses the key to encrypt messages destined for the remote peer or client.

Configuring authentication of PPTP VPN users/user groups

To configure authentication for a PPTP VPN - web-based manager

1. Configure the users who are permitted to use this VPN. Create a user group and add them to it.

For more information, see “Users/peers and user groups” on page 33.

2. Go to VPN > PPTP.

Figure 27: PPTP VPN Range settings

3. Select Enable PPTP.

FortiOS v3.0 MR7 User Authentication User Guide

 

01-30007-0347-20080828
