WAN optimization and web caching Configuring authentication groups
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 689
http://docs.fortinet.com/ • Feedback
Configuring authentication groups
You need to add authentication groups to support authentication and secure tunneling
between WAN optimization peers.
To perform authentication, WAN optimization peers use a certificate or a pre-shared key
added to an authentication group to identify each other before forming a WAN optimization
tunnel. Both peers must have an authentication group with the same name and settings.
You add the authentication group to a peer-to-peer or active rule on the client side
FortiGate unit. When the server side FortiGate unit receives a tunnel start request from
the client side FortiGate unit that includes an authentication group, the server side
FortiGate unit finds an authentication group in its configuration with the same name. If
both authentication groups have the same certificate or pre-shared key, the peers can
authenticate and set up the tunnel.
Authentication groups are also required for secure tunneling. To configure secure
tunneling, both peers must have an authentication group with the same name and
settings. On the client side FortiGate unit, to enable secure tunneling you select Enable
Secure Tunnel in a peer-to-peer or active rule and select the authentication group. After
the client and server side FortiGate units authenticate with each other, they also use the
pre-shared key or certificate in the authentication group to encrypt and decrypt the tunnel
packets. The encrypted tunnel uses SSL encryption.
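
The matching rule described above (same group name, same method, same certificate or pre-shared key on both peers) can be checked before a rule is deployed. The following Python is an added example, not Fortinet code or a FortiGate API: the AuthGroup fields, the rule dictionary keys and all sample values are hypothetical, and it assumes group names must match exactly.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthGroup:              # hypothetical model of one authentication group
    name: str
    method: str               # "psk" or "cert"
    secret: bytes             # pre-shared key, or the certificate's DER bytes

def fingerprint(secret: bytes) -> str:
    return hashlib.sha256(secret).hexdigest()  # reports never show the key

def check_rule(rule, client_groups, server_groups):
    """List the reasons a client-side rule would fail to authenticate."""
    name = rule.get("auth_group")
    if not name:  # secure tunneling takes its key from the group
        missing = "secure tunnel enabled without an authentication group"
        return [missing] if rule.get("secure_tunnel") else []
    problems = []
    client, server = client_groups.get(name), server_groups.get(name)
    if client is None:
        problems.append(f"client has no group named {name!r}")
    if server is None:
        # Assumption: names must match exactly; flag a case-only difference.
        near = [n for n in server_groups if n.lower() == name.lower()]
        hint = f" (near match: {near[0]!r})" if near else ""
        problems.append(f"server has no group named {name!r}{hint}")
    if client and server:
        cfp, sfp = fingerprint(client.secret), fingerprint(server.secret)
        if client.method != server.method:
            problems.append(f"method differs: {client.method} vs {server.method}")
        elif cfp != sfp:
            problems.append(f"{client.method} material differs ({cfp[:8]} vs {sfp[:8]})")
    return problems

# Constructed sample inventories for a client-side and a server-side unit.
CLIENT = {g.name: g for g in [
    AuthGroup("branch-dc", "psk", b"constructed-key-A"),
    AuthGroup("branch-dr", "psk", b"constructed-key-B"),
    AuthGroup("branch-lab", "cert", b"constructed-cert-bytes")]}
SERVER = {g.name: g for g in [
    AuthGroup("branch-dc", "psk", b"constructed-key-A"),
    AuthGroup("Branch-DR", "psk", b"constructed-key-B"),
    AuthGroup("branch-lab", "psk", b"constructed-key-C")]}

if __name__ == "__main__":
    for n in ("branch-dc", "branch-dr", "branch-lab"):
        print(n, check_rule({"auth_group": n}, CLIENT, SERVER) or "ok")
```
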
To add authentication groups, go to WAN Opt. & Cache > Peer > Authentication Group.
Figure 429: WAN optimization Authentication Group list
Edit icon       Select Edit beside an existing peer to modify it.
Delete icon     Delete a peer.
Peer Host ID    The peer host ID of the peer FortiGate unit. This is the local host ID added to the peer FortiGate unit.
IP Address      The IP address of the FortiGate unit. Usually this is the IP address of the FortiGate interface connected to the WAN.
Viewing basic information
Create New      Add a new authentication group.
Name            The name of the authentication group.