Table of Contents
Advertisement
User's view of authentication
User's view of authentication
Web-based user authentication
VPN client-based authentication
6
The user sees a request for authentication when they try to access a protected
resource. The way in which the request is presented to the user depends on the
method of access to that resource.
VPN authentication usually controls remote access to a private network.
Firewall policies usually control browsing access to an external network that
provides connection to the Internet. In this case, the FortiGate unit requests
authentication through the web browser:
The user types a user name and password and then selects Continue/Login. If the
credentials are incorrect, the authentication screen is redisplayed with blank fields
so that the user can try again. When the user enters valid credentials, they get
access to the required resource. In some cases, if a user tries to authenticate
several times without success, a message appears, such as: "Too many bad login
attempts. Please try again in a few minutes."
Note: After a defined period of user inactivity (the authentication timeout, defined
by the FortiGate administrator), the user access will expire. The default is 5
minutes. To access the resource, the user will have to authenticate again.
VPNs provide remote clients with access to a private network for a variety of
services that include web browsing, email, and file sharing. A client program such
as FortiClient negotiates the connection to the VPN and manages the user
authentication challenge from the FortiGate unit.
FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828
Introduction
Advertisement
Table of Contents
