Introduction The user’s view of authentication
FortiGate User Authentication Version 1 Guide
01-28007-0233-20050825 5
Introduction
On a FortiGate unit, you can control access to network resources by defining lists
of authorized users, called user groups. To use a particular resource, such as a
network or a VPN tunnel, the user must belong to one of the user groups that is
allowed access. The user then must correctly enter a user name and password to
prove his or her identity. This is called authentication.
You can configure authentication for:
• any firewall policy with Action set to ACCEPT
• PPTP and L2TP VPNs
• a dialup IPSec VPN set up as an XAUTH server (Phase 1)
• a dialup IPSec VPN that accepts user group authentication as a peer ID
This document does not describe certificate-based VPN authentication. For
information about this type of authentication, see the FortiGate VPN Guide.
The user’s view of authentication
The user sees a request for authentication when trying to access the protected
resource. The way in which the request is presented to the user depends on the
method of access to that resource.
VPN authentication usually controls remote access to a private network
Web-based user authentication
Firewall policies usually control browsing access to an external network that
provides connection to the Internet. In this case, the FortiGate unit requests
authentication through the web browser:
The user types a user name and password and then selects OK. If the credentials
are incorrect, the FortiGate unit redisplays the authentication screen with blank
fields so that the user can try again. When the user enters valid credentials, the
FortiGate unit provides a success message:
At this point, the user selects OK and then can access the required resource. The
user gains access for the duration of the authentication timeout that the FortiGate
administrator configures. When this time period expires, the user must
authenticate again.
To Next Page
Loading...
Need help?
General