User User Group
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 667
http://docs.fortinet.com/ • Feedback
For a Directory Service user group, the Directory Service server authenticates users when
they log in to the network. The FortiGate unit receives the user’s name and IP address
from the FSAE collector agent. For more information about FSAE, see the
FSAE Technical Note.
You can configure user groups to provide authenticated access to:
• Firewall policies that require authentication
See “Adding authentication to firewall policies” on page 396.
You can choose the user groups that are allowed to authenticate with these policies.
• SSL VPNs on the FortiGate unit
See “Configuring SSL VPN identity-based firewall policies” on page 400.
• IPSec VPN Phase 1 configurations for dialup users
See “Creating a new phase 1 configuration” on page 614.
Only users in the selected user group can authenticate to use the VPN tunnel.
• XAuth for IPSec VPN Phase 1 configurations
See XAUTH in “Defining phase 1 advanced settings” on page 616.
Only user groups in the selected user group can be authenticated using XAuth.
• FortiGate PPTP configuration
See “PPTP configuration using FortiGate web-based manager” on page 629.
Only users in the selected user group can use PPTP.
• FortiGate L2TP configuration
You can configure this only by using the config vpn l2tp CLI command. See the
FortiGate CLI Reference.
Only users in the selected user group can use L2TP.
• Administrator login with RADIUS authentication
See “Configuring RADIUS authentication for administrators” on page 273.
Only administrators with an account on the RADIUS server can log in.
• FortiGuard Web Filtering override groups
See “FortiGuard - Web Filter” on page 559.
When FortiGuard Web Filtering blocks a web page, authorized users can authenticate
to access the web page or to allow members of another group to access it.
For each resource that requires authentication, you specify which user groups are
permitted access. You need to determine the number and membership of user groups
appropriate to your authentication needs.
Firewall user groups
A firewall user group provides access to a firewall policy that requires authentication and
lists the user group as one of the allowed groups. The FortiGate unit requests the group
member’s user name and password when the user attempts to access the resource that
the policy protects.
You can also authenticate a user by certificate if you have selected this method. For more
information, see “Adding authentication to firewall policies” on page 396.
To Next Page
Loading...
Need help?
General