Dynamically assigning VPN client IP addresses from a RADIUS record What’s new in FortiOS 4.0
FortiGate Version 4.0 Administration Guide
40 01-400-89802-20090424
http://docs.fortinet.com/ • Feedback
        set type http
    next
    edit 2
        set port 8008
        set type http
    next
    edit 3
        set port 4523
        set type telnet
    next
    end
end
If your FortiGate unit is operating with virtual domains enabled, each VDOM has a
different non-standard authentication port configuration.
Dynamically assigning VPN client IP addresses from a RADIUS record
SSL VPN tunnel mode, IPSec, and PPTP VPN sessions can now assign IP addresses to
remote users, taking the address to assign from a RADIUS record.
For more information, see Dynamically assigning VPN client IP addresses from a RADIUS
record.
DHCP over route-based IPSec VPNs
In previous releases of FortiOS, you could use DHCP to assign IP addresses to dialup
clients on policy-based IPSec VPNs only. In FortiOS 4.0, DHCP is also available to dialup
clients on route-based IPSec VPNs.
The configuration differs only slightly from that of a route-based dialup VPN with static IP
addresses.
1 Configure Phase 1 settings.
  Remote Gateway must be set to Dialup User.
2 Configure Phase 2 settings.
  Set Phase 1 to Dialup User.
  In the Advanced Settings, select DHCP-IPsec.
  For more information, see “DHCP-IPSec” on page 540.
3 Configure a DHCP server on the virtual IPSec interface.
  Set the server Type to DHCP. Enter the IP Range and Netmask that dialup clients will
  use and the Default Gateway that dialup clients should use.
4 Configure an ACCEPT firewall policy with the virtual IPSec interface as source and the
  local private network as destination.
SNMP upgraded to v3.0
SNMP v3.0 provides up-to-date information and status reporting about the hardware
running on your network.