VPN Client-Based Authentication; The FortiGate Administrator's View of Authentication - Fortinet FortiGate User Manual

User authentication

The FortiGate administrator's view of authentication

VPN client-based authentication

VPNs provide remote clients with access to a private network for a variety of
services: web browsing, email, file shares and so on. A client program such as
FortiClient negotiates the connection to the VPN and manages the user
authentication challenge from the FortiGate unit.
FortiClient can store the user name and password for a VPN as part of the
configuration for the VPN connection and pass them to the FortiGate unit as
needed. Or, FortiClient can request the user name and password from the user
when the FortiGate unit requests them.
User access expires after a period of inactivity, the authentication timeout, that the
administrator configures. The default is five minutes. The user must then
authenticate again.
Note: In firmware releases prior to version 2.80 MR6, the authentication timeout period is
elapsed time, not inactive time.
Authentication is based on user groups. You configure authentication parameters
for firewall policies and VPN tunnels to permit access only to members of
particular user groups. A member of a user group can be:
- a user whose user name and password are stored on the FortiGate unit
- a user whose name is stored on the FortiGate unit and whose password is
  stored on an external authentication server
- an external authentication server with a database that contains the user name
  and password of each person who is permitted access
You need to set up authentication in the following order:
1. If external authentication is needed, configure the required servers.
   See "Configuring the FortiGate unit to use a RADIUS server".
   See "Configuring the FortiGate unit to use an LDAP server".
   See "Configuring the FortiGate unit to use an Active Directory server".
2. Configure local user identities. For each user, you can choose whether the
   FortiGate unit or an external authentication server verifies the password.
   See "Defining local users".
3. Create user groups.
   Add local users to each user group as appropriate. You can also add an
   authentication server to a user group. In this case, all users in the server's
   database can authenticate.
   See "Defining user groups".
4. Configure firewall policies and VPN tunnels that require authenticated access.
   See "Configuring authentication for a firewall policy".
   See "Authenticating PPTP and L2TP VPN users".
   See "Authenticating remote IPSec VPN users using dialup groups".
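The following Python model is an added illustration, not code from the Fortinet manual or from FortiGate firmware. It shows how the three kinds of group member decide who is admitted, and how the idle-based timeout differs from the elapsed-time behaviour before 2.80 MR6. All names, passwords and server contents are constructed, and the rule that a listed local user is checked only against their own verifier is an assumption.

```python
import hmac

# Constructed sample data, standing in for an external server's user database.
SERVERS = {"radius1": {"bob": "b0b-pw", "carol": "car0l-pw", "dave": "dave-pw"}}
# Local user identities: password verified locally or by a named server.
LOCAL_USERS = {
    "alice": {"verify": "local", "password": "al1ce-pw"},
    "bob": {"verify": "radius1"},
}
# User groups can hold local users and whole authentication servers.
GROUPS = {
    "vpn_staff": {"users": {"alice", "bob"}, "servers": set()},
    "vpn_all": {"users": set(), "servers": {"radius1"}},
}

def server_check(server, name, password):
    stored = SERVERS.get(server, {}).get(name)
    return stored is not None and hmac.compare_digest(stored, password)

def authenticate(group, name, password):
    """True if the credentials are accepted for a policy tied to this group."""
    g = GROUPS[group]
    if name in g["users"]:
        user = LOCAL_USERS[name]
        if user["verify"] == "local":
            return hmac.compare_digest(user["password"], password)
        return server_check(user["verify"], name, password)
    # A server that is itself a group member admits everyone in its database.
    return any(server_check(s, name, password) for s in g["servers"])

def who_can_authenticate(group):
    """Expand a group to every name it admits, for access review."""
    g = GROUPS[group]
    return set(g["users"]).union(*(SERVERS[s] for s in g["servers"]))

class Session:
    """Authenticated session; timeout defaults to five minutes (300 s)."""
    def __init__(self, now, timeout=300, idle_based=True):
        self.start = self.last = now
        self.timeout, self.idle_based = timeout, idle_based

    def expired(self, now):
        # idle_based=False models the pre-2.80 MR6 elapsed-time behaviour.
        ref = self.last if self.idle_based else self.start
        return now - ref >= self.timeout

    def touch(self, now):
        """Record traffic; returns False if re-authentication is needed."""
        if self.expired(now):
            return False
        self.last = now
        return True
```

Running `who_can_authenticate` over every group referenced by a firewall policy or VPN tunnel makes it visible when adding a server to a group has opened access to the server's whole database rather than to a named set of users.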
FortiGate User Authentication Version 1 Guide
01-28007-0233-20050825
Introduction
