Table of Contents
Advertisement
About this document
Authentication timeout
Firewall policies
VPN tunnels
About this document
Document conventions
10
An authenticated connection expires when it has been idle for a length of time that
you specify. The authentication timeout value set in User > Authentication >
Authentication applies to every user of the system. The choice of timeout
duration is a balance between security and user convenience. The default is
5 minutes. For information about setting the authentication timeout, see
"Authentication timeout" on page
Access control is defined in the firewall policy that provides access to the network
resource. For example, access to the Internet through the external interface from
workstations on the internal network is made possible by an Internal to External
firewall policy.
Firewall policies apply web filtering, antivirus protection, and spam filtering to the
traffic they control according to a protection profile. If the firewall policy requires
authentication, the protection profile in the firewall policy is disabled. Instead, the
protection profile is configured in the authenticating user group.
For more information about firewall policies and protection profiles, see the
Firewall chapters of the
FortiGate Administration
When you configure a PPTP or L2TP VPN, you choose one user group to be
permitted access. For IPSec VPNs, you can use authentication by user group or
XAUTH authentication using an external authentication server as an alternative to
authentication by peer ID. Access to SSL VPN applications is controlled through
user groups. When the remote client connects to the FortiGate unit, the FortiGate
unit authenticates the user based on user name, password, and authentication
domain. Authentication for a VPN allows access to only one group.
For more information about VPNs, see the
FortiGate SSL VPN User Guide,
This document explains how to configure authentication for firewall policies, PPTP,
L2TP and SSL VPNs, and dialup IPSec VPNs, and contains the following
chapters:
•
Authentication servers
and Microsoft Active Directory authentication servers.
•
Users/peers and user groups
user groups.
•
Configuring authenticated access
timeouts, configure authentication in firewall policies, for PPTP, L2TP and SSL
VPNs, and certain configurations of IPSec VPNs.
The following document conventions are used in this guide:
47.
Guide.
FortiGate PPTP VPN User Guide,
or the
FortiGate IPSec VPN User
contains procedures for configuring RADIUS, LDAP,
contains procedures for defining users/peers and
contains procedures to set authentication
FortiOS v3.0 MR7 User Authentication User Guide
Introduction
Guide.
01-30007-0347-20080828
Advertisement
Table of Contents
