Dynamically Assigning VPN Client IP Addresses From a User Group - Fortinet FortiGate Series Administration Manual

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/

User Group

Domain                  The entire website domain.
Categories              The FortiGuard category.
Ask                     Authenticating user, who chooses the override type.
Override Time           Select to set the duration of the override:
Constant                Select to set the duration of override in days, hours, minutes.
Ask                     Authenticating user, who determines the duration of override.
                        The duration set is the maximum.
Protection Profiles     One protection profile can have several user groups with
Available               override permissions. Verification of the user group occurs
                        once the user name and password are entered. The overrides
                        can still be enabled or not enabled on a profile-wide basis
                        regardless of the user groups that have permissions to
                        override the profile.
Permission Granted For  The list of defined protection profiles applied to user groups
                        that have override privileges.

Dynamically assigning VPN client IP addresses from a user group

SSL VPN tunnel mode, dialup IPSec VPN, and PPTP VPN sessions can assign IP
addresses to remote users from the Framed-IP-Address field of the RADIUS record
that the FortiGate unit receives when the RADIUS server confirms that the user has
authenticated successfully. See RFC 2865 and RFC 2866 for more information about
RADIUS fields.

For the FortiGate unit to dynamically assign an IP address, the VPN users must be
configured for RADIUS authentication and you must include the IP address to assign to
the user in the Framed-IP-Address RADIUS field on your RADIUS server. You configure
each type of VPN differently. In each case you are associating the configuration that
assigns IP addresses to users with a user group.

Assigning IP addresses from a RADIUS record replaces dynamically assigning IP
addresses from an address range. You cannot combine an IP address range with IP
address assignment from a RADIUS record in the same configuration.

To add a RADIUS server that assigns IP addresses
1 Go to User > Remote > RADIUS and select Create New to add a RADIUS server.
2 Configure the RADIUS server as required.
  No special FortiGate configuration is required.
3 Select OK to save the RADIUS server.

To dynamically assign IP addresses for SSL VPN tunnel mode users
To use a RADIUS server to assign IP addresses for SSL VPN tunnel mode users, you
enable tunnel mode for an SSL VPN portal by adding the Tunnel Mode widget to the
portal. In the Tunnel Mode widget, set IP Mode to User Group. You must also add the
portal and the RADIUS server that assigns IP addresses to the same SSL VPN user
group. Finally, you must select the user group in an SSL VPN firewall policy.
1 Go to VPN > SSL > Portal.
2 Create a new SSL VPN portal or edit an existing one.
3 Add a Tunnel Mode widget to the portal, or edit the Tunnel Mode widget if it has
  already been added to the portal.
4 Set IP Mode to User Group and save the changes to the portal.
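
The following is an added example, not part of the Fortinet guide or FortiGate code: it shows how a RADIUS client can take the Framed-IP-Address (attribute type 8 in RFC 2865) from an Access-Accept only after checking the Response Authenticator against the shared secret. The function names, shared secret and sample packet are constructed for illustration.

```python
import hashlib, hmac, ipaddress, struct

ACCESS_ACCEPT, FRAMED_IP_ADDRESS = 2, 8      # RFC 2865 packet code / attribute type
RESERVED = (0xFFFFFFFF, 0xFFFFFFFE)          # RFC 2865: user- or NAS-selected, no fixed address

def response_auth(code, ident, attrs, request_auth, secret):
    """RFC 2865 Response Authenticator: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(head + request_auth + attrs + secret).digest()

def framed_ip(packet, request_auth, secret):
    """Return the IPv4Address an authentic Access-Accept assigns, or None if it assigns none."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:length]
    expected = response_auth(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    pos = 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute length")
        if atype == FRAMED_IP_ADDRESS:
            if alen != 6:
                raise ValueError("Framed-IP-Address must be 6 octets")
            (raw,) = struct.unpack("!I", attrs[pos + 2:pos + 6])
            return None if raw in RESERVED else ipaddress.IPv4Address(raw)
        pos += alen
    return None

def build_accept(ident, attrs, request_auth, secret):
    """Construct a sample Access-Accept (test data only)."""
    auth = response_auth(ACCESS_ACCEPT, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs)) + auth + attrs

# Constructed sample values, not taken from any real deployment.
SECRET, REQ_AUTH = b"example-shared-secret", bytes(range(16))
ATTRS = bytes([18, 4]) + b"ok" + bytes([FRAMED_IP_ADDRESS, 6, 10, 11, 12, 34])
SAMPLE = build_accept(7, ATTRS, REQ_AUTH, SECRET)

if __name__ == "__main__":
    print(framed_ip(SAMPLE, REQ_AUTH, SECRET))
```

A reply that carries one of the two reserved values, or no Framed-IP-Address at all, yields None, so the caller can treat the user as having no RADIUS-assigned address instead of handing out a bogus one.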
