Table of Contents
Advertisement
Firewall Policy
Options to check FortiClient on hosts
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102
SSL Client
Allow traffic generated by holders of a (shared) group certificate. The
holders of the group certificate must be members of an SSL VPN user
Certificate
group, and the name of that user group must be present in the Allowed
Restrictive
field.
Cipher Strength Select one of the following options to determine the level of SSL
encryption to use. The web browser on the remote client must be
capable of matching the level that you select:
• To use any cipher suite, select Any.
• To use a 164-bit or greater cipher suite, select High >= 164.
• To use a 128-bit or greater cipher suite, select Medium >= 128.
User
Select one of the following options:
Authentication
• If the user group that will be bound to this firewall policy is a local user
group, select Local.
Method
• If the remote clients will be authenticated by an external RADIUS
server, select Radius.
• If the remote clients will be authenticated by an external LDAP server,
select LDAP.
• Select Any to enable all of the above authentication methods. Local is
attempted first, then Radius, then LDAP.
Available Groups Select the name of the user group requiring SSL VPN access, and then
select the right-pointing arrow. Do not select more than one user group
unless all members of the selected user groups have identical access
requirements.
For information about how to create a firewall encryption policy for SSL VPN
users, see the "SSL VPN administration tasks" chapter of the
User
Guide.
On the FortiGate model 1000A, 3600A, and 5005FA2, firewall policies can deny
access for hosts that do not have FortiClient Host Security software installed and
operating. This feature can detect FortiClient software version 3.0 MR2 or later.
Figure 126:FortiClient Host Security check options
Configuring firewall policies
FortiGate SSL VPN
227
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
