Administrators System Admin
FortiGate Version 4.0 MR1 Administration Guide
278 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
For further information about TACACS+ authentication, see “Configuring TACACS+
servers” on page 661.
To create the user group (TACACS+)
1 Go to User > User Group.
2 Select Create New, or select the Edit icon beside an existing user group.
3 Enter a Name that identifies the user group.
4 For Type, select Firewall.
5 In the Available Users/Groups list, select the TACACS+ server name and move it to
the Members list.
6 Select OK.
To configure an administrator to authenticate with a TACACS+ server
1 Go to System > Admin.
2 Select Create New, or select the Edit icon beside an existing administrator.
3 Enter or select the following:
   Administrator      A name that identifies the administrator.
   Type               Remote.
   User Group         The user group that includes the TACACS+ server as a member.
   Wildcard           Select to allow all accounts on the TACACS+ server to be administrators.
   Password           The password the administrator uses to authenticate. Not available if
                      Wildcard is enabled.
   Confirm Password   The re-entered password that confirms the original entry in Password.
                      Not available if Wildcard is enabled.
   Admin Profile      The admin profile to apply to the administrator.
4 Configure additional features as required. For more information, see “Configuring an
administrator account” on page 270.
5 Select OK.
Configuring PKI certificate authentication for administrators
Public Key Infrastructure (PKI) authentication uses a certificate authentication library that
takes a list of peers, peer groups, and user groups and returns authentication successful
or denied notifications. Users only need a valid certificate for successful authentication; no
username or password is necessary.
If you want to use PKI authentication for an administrator, you must configure the
authentication before you create the administrator accounts. To do this you need to:
• configure a PKI administrator to be included in the user group
• create a user group.
To view the PKI user list, go to User > PKI.
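The following is an added example, not part of the Fortinet guide. Because the Wildcard option in the TACACS+ administrator settings lets every account on the TACACS+ server log in as an administrator, it is worth checking a configuration backup for wildcard administrators and the admin profile they receive. The sketch assumes the FortiOS CLI keywords remote-group, wildcard and accprofile, which do not appear on this page, and runs on a constructed sample configuration.

```python
import shlex

# Constructed sample in FortiOS backup style. Keyword names are assumed from the
# FortiOS CLI (not from this page); admin, group and profile names are made up.
SAMPLE_CONFIG = '''
config system admin
    edit "tacacs-ops"
        set remote-auth enable
        set accprofile "super_admin"
        set wildcard enable
        set remote-group "TACACS_Admins"
        config dashboard
            edit 1
                set column 1
            next
        end
    next
    edit "jsmith"
        set remote-auth enable
        set accprofile "read_only"
        set remote-group "TACACS_Admins"
    next
end
'''

def parse_admins(config_text):
    """Return {admin_name: {setting: value}} from the 'config system admin' block."""
    admins, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        if tokens[0] == "config":
            # Count nesting only inside 'config system admin'; skip other sections.
            if depth or tokens[1:] == ["system", "admin"]:
                depth += 1
        elif tokens[0] == "end" and depth:
            depth -= 1
        elif depth == 1 and tokens[0] == "edit":
            current = admins.setdefault(tokens[1], {})
        elif depth == 1 and current is not None and tokens[0] == "set" and len(tokens) > 2:
            current[tokens[1]] = " ".join(tokens[2:])  # nested sub-tables are ignored
    return admins

def wildcard_admins(config_text):
    """List (admin, user group, admin profile) for each administrator with Wildcard on."""
    return [(n, s.get("remote-group"), s.get("accprofile"))
            for n, s in parse_admins(config_text).items() if s.get("wildcard") == "enable"]

if __name__ == "__main__":
    print(wildcard_admins(SAMPLE_CONFIG))
```

Each tuple it returns names a wildcard administrator entry, the user group holding the TACACS+ server, and the admin profile granted to every account that authenticates through it.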