Remote; Radius - Fortinet FortiGate Series Administration Manual

User

Remote

RADIUS

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Supported IM protocols include:
• MSN 6.0 and above
• ICQ 4.0 and above
• AIM 5.0 and above
• Yahoo 6.0 and above
If you want to block a protocol that is older than the ones listed above, use the CLI
command:
config imp2p old-version
For more information, see the
Remote authentication is generally used to ensure that employees working offsite can
remotely access their corporate network with appropriate security measures in place. In
general terms, authentication is the process of attempting to verify the (digital) identity of
the sender of a communication such as a login request. The sender may be someone
using a computer, the computer itself, or a computer program. Since a computer system
should be used only by those who are authorized to do so, there must be a measure in
place to detect and exclude any unauthorized access.
On a FortiGate unit, you can control access to network resources by defining lists of
authorized users, called user groups. To use a particular resource, such as a network or
VPN tunnel, the user must:
• belong to one of the user groups that is allowed access
• correctly enter a user name and password to prove his or her identity, if asked to do so.
Remote Authentication and Dial-in User Service (RADIUS) servers provide authentication,
authorization, and accounting functions. FortiGate units use the authentication function of
the RADIUS server. To use the RADIUS server for authentication, you must configure the
server before you configure the FortiGate users or user groups that will need it.
If you have configured RADIUS support and a user is required to authenticate using a
RADIUS server, the FortiGate unit sends the user's credentials to the RADIUS server for
authentication. If the RADIUS server can authenticate the user, the user is successfully
authenticated with the FortiGate unit. If the RADIUS server cannot authenticate the user,
the FortiGate unit refuses the connection. You can override the default authentication
scheme by selecting a specific authentication protocol or changing the default port for
RADIUS traffic.
Note: The default port for RADIUS traffic is 1812. If your RADIUS server is using port 1645,
use the CLI to change the default RADIUS port. For more information, see the config
system global command in the
To view the list of RADIUS servers, go to User > Remote > RADIUS.
FortiGate CLI Reference.
FortiGate CLI Reference.
Remote
655