Fortinet v3.0 MR7 manual FortiGate administrator’s view of authentication

Models: v3.0 MR7

Introduction


FortiClient can store the user name and password for a VPN as part of the configuration for the VPN connection and pass them to the FortiGate unit as needed. Or, FortiClient can request the user name and password from the user when the FortiGate unit requests them.

SSL VPN is a form of VPN that can be used with a standard Web browser. There are two modes of SSL VPN operation (supported in NAT/Route mode only):

• web-only mode, for thin remote clients equipped with a web browser only

• tunnel mode, for remote computers that run a variety of client and server applications.

Note: After a defined period of user inactivity on the VPN connection (the idle timeout, defined by the FortiGate administrator), the user's access expires. The default is 1500 seconds (25 minutes). To access the resource, the user has to authenticate again.

FortiGate administrator’s view of authentication

Authentication is based on user groups. You configure authentication parameters for firewall policies and VPN tunnels to permit access only to members of particular user groups. A member of a user group can be:

• a user whose user name and password are stored on the FortiGate unit

• a user whose name is stored on the FortiGate unit and whose password is stored on a remote or external authentication server

• a remote or external authentication server with a database that contains the user name and password of each person who is permitted access

1. If remote or external authentication is needed, configure the required servers.

   • See “Configuring the FortiGate unit to use a RADIUS server” on page 16.

   • See “Configuring the FortiGate unit to use an LDAP server” on page 21.

   • See “Configuring the FortiGate unit to use a Directory Service server” on page 28.

2. Configure local and peer (PKI) user identities (see “Public Key Infrastructure (PKI) authentication” on page 9). For each local user, you can choose whether the FortiGate unit or a remote authentication server verifies the password. Peer members can be included in user groups for use in firewall policies.

   • See “Creating local users” on page 34.

   • See “Creating peer users” on page 36.

FortiOS v3.0 MR7 User Authentication User Guide

 

01-30007-0347-20080828
