FortiGate Version 3.0 MR4 Administration Guide
222 01-30004-0203-20070102
Configuring firewall policies Firewall Policy
Adding authentication to firewall policies
Add users and a firewall protection profile to a user group before selecting
Authentication. For information about adding and configuring user groups, see
“User group” on page 327. Authentication is available if Action is set to Accept.
Select Authentication and select one or more user groups to require users to enter
a user name and password before the firewall accepts the connection.
Figure 123:Selecting user groups for authentication
Select Authentication for any service. Users can authenticate with the firewall
using HTTP, Telnet, or FTP. For users to be able to authenticate, add an HTTP,
Telnet, or FTP policy that is configured for authentication. When users attempt to
connect through the firewall using this policy, they are prompted to enter a firewall
username and password.
Traffic Shaping Traffic Shaping controls the bandwidth available to, and sets the priority
of the traffic processed by, the policy.
Note:
• Be sure to enable traffic shaping on all firewall policies. If you do not
apply any traffic shaping rule to a policy, the policy is set to high
priority by default.
• Distribute firewall policies over all three priority queues (low,
medium and high).
• Be sure that the sum of all Guaranteed Bandwidth in all firewall
policies is significantly less than the bandwidth capacity of the
interface.
For information about how to configure traffic shaping, see “Adding
traffic shaping to firewall policies” on page 223
User
Authentication
Disclaimer
Display the Authentication Disclaimer page (a replacement message).
The user must accept the disclaimer to connect to the destination. You
can use the disclaimer in conjunction with authentication or a protection
profile. This option is available on some models. It is not available for
SSL-VPN policies.
Redirect URL If you enter a URL, the user is redirected to the URL after
authenticating and/or accepting the user authentication disclaimer. This
option is available on some models. It is not available for SSL-VPN
policies.
Comments Add a description or other information about the policy. The comment
can be up to 63 characters long, including spaces.
To Next Page
Loading...
Need help?
General