FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 319
User
This section explains how to set up user accounts, user groups and external
authentication servers. These are components of user authentication that you can
use to control access to network resources.
The following topics are included in this section:
• Configuring user authentication
• Local user accounts
• RADIUS servers
• LDAP servers
• PKI authentication
• Windows AD servers
• User group
• Configuring peers and peer groups
Configuring user authentication
FortiGate authentication controls access by user group, but creating user groups
is not the first step in configuring authentication. You must configure user
authentication in the following order:
1 If external authentication using RADIUS or LDAP servers is needed, configure
access to those servers. See “RADIUS servers” on page 322 and “LDAP servers”
on page 323.
2 Configure local user accounts in User > Local. For each user, you can choose
whether the password is verified by the FortiGate unit, by a RADIUS server or by
an LDAP server. See “Local user accounts” on page 321.
3 If you use a Microsoft Windows Active Directory server for authentication,
configure access to it. See “Configuring a Windows AD server” on page 327.
Users authenticated by an Active Directory server do not need local user accounts on
the FortiGate unit. You must install the Fortinet Server Authentication Extensions
(FSAE) on your Windows network.
4 To use certificate-based authentication for administrative access (HTTPS GUI),
IPSec, SSL-VPN, and web-based authentication, configure PKI users in User > PKI.
See “Configuring PKI users” on page 326.
5 Create user groups in User > User Group and add members. There are three
types of user groups: Firewall, Active Directory and SSL VPN. See “Configuring a
user group” on page 330.
For PKI authentication, only Firewall and SSL VPN user groups are applicable.