Firewall Policy Order; Vpn Authentication - Fortinet FortiGate User Manual

User authentication

FortiGate User Authentication Version 1 Guide
01-28007-0233-20050825

Configuring authenticated access

5. Set Source Address and Destination Address to all.
6. From the Schedule list, select always.
7. From the Service list, select DNS.
8. From the Action list, select ACCEPT.
9. Select OK.
10. In the Policy list, select Move To for the DNS policy and move it so that it precedes the policy that provides access to the Internet.

The FortiGate unit performs authentication only on requests to access HTTP, HTTPS, FTP and Telnet. Once the user is authenticated, the user can access other services if the firewall policy permits.

Firewall policy order

The firewall policies that you create must be correctly placed in the policy list to be effective. The firewall evaluates a connection request by checking the policy list from the top down, looking for the first policy that matches the source and destination addresses of the packet. Keep these rules in mind:

- More specific policies must be placed above more general ones.
- Any policy that requires authentication must be placed above any similar policy that does not.
- If a user fails authentication, the firewall drops the request and does not check for a match with any of the remaining policies.
- If you create a policy that requires authentication for HTTP access to the Internet, you must precede this policy with a policy for unauthenticated access to the appropriate DNS server.

To change the position of a policy in the policy list

1. Go to Firewall > Policy.
2. If necessary, expand the list to view your policies.
3. Select the Move To icon beside the policy you want to move.
4. Select the position for the policy.
5. Select OK.
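
The ordering rules above can be checked against a small model of first-match evaluation. The following Python sketch is an added example, not FortiGate code or configuration: the Policy class, evaluate, shadowed_auth and the sample addresses are hypothetical, and it assumes that an unauthenticated request for a service that cannot prompt for credentials is dropped by an authenticating policy.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Per the page, only these services can trigger an authentication prompt.
AUTH_SERVICES = {"HTTP", "HTTPS", "FTP", "TELNET"}

@dataclass(frozen=True)
class Policy:            # hypothetical model of one policy list entry
    name: str
    src: str             # source network in CIDR form
    dst: str             # destination network in CIDR form
    service: str         # service name, or "ANY"
    auth: bool = False   # True if the policy requires authentication

def evaluate(policies, src, dst, service, authed=(), login_ok=False):
    """Return (verdict, policy name) using top-down, first-match evaluation."""
    for p in policies:
        if (ip_address(src) in ip_network(p.src)
                and ip_address(dst) in ip_network(p.dst)
                and p.service in ("ANY", service)):
            if not p.auth or src in authed:
                return ("ACCEPT", p.name)
            # Unauthenticated source: a prompt is possible only on AUTH_SERVICES.
            if service in AUTH_SERVICES and login_ok:
                return ("ACCEPT", p.name)
            return ("DROP", p.name)   # failed auth: later policies are not checked
    return ("DROP", None)             # assumed implicit deny when nothing matches

def shadowed_auth(policies):
    """List auth policies that sit below an unauthenticated policy covering them."""
    found = []
    for i, low in enumerate(policies):
        for high in policies[:i]:
            if (low.auth and not high.auth
                    and ip_network(low.src).subnet_of(ip_network(high.src))
                    and ip_network(low.dst).subnet_of(ip_network(high.dst))
                    and high.service in ("ANY", low.service)):
                found.append((low.name, high.name))
    return found

# Constructed sample policies and addresses (documentation ranges).
DNS = Policy("dns", "0.0.0.0/0", "0.0.0.0/0", "DNS")
WEB_AUTH = Policy("internet-auth", "0.0.0.0/0", "0.0.0.0/0", "ANY", auth=True)
OPEN = Policy("open", "0.0.0.0/0", "0.0.0.0/0", "ANY")
CLIENT, RESOLVER, SITE = "192.0.2.10", "198.51.100.53", "203.0.113.5"
```

With the DNS policy below the authenticating policy, evaluate([WEB_AUTH, DNS], CLIENT, RESOLVER, "DNS") returns a drop on internet-auth, which is why the name lookup must be allowed first; shadowed_auth flags an authenticating policy that a broader unauthenticated policy above it would bypass.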

VPN authentication

All VPN configurations require users to authenticate. Authentication based on user groups applies to:

- PPTP and L2TP VPNs
- an IPSec VPN that authenticates users using dialup groups
- a dialup IPSec VPN that uses XAUTH authentication (Phase 1)

This document does not describe the use of certificates for VPN authentication. See the FortiGate VPN Guide for information on this type of authentication.
