Fortinet Gate 60D - User Group

User User Group
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 583
http://docs.fortinet.com/Feedback
Figure 387: PKI user
You can configure peer user groups only through the CLI. For more information, see the
FortiGate CLI Reference.
User Group
A user group is a list of user identities. An identity can be:
- a local user account (user name and password) stored on the FortiGate unit
- a local user account with a password stored on a RADIUS, LDAP, or TACACS+ server
- a RADIUS, LDAP, or TACACS+ server (all identities on the server can authenticate)
- a user or user group defined on a Directory Service server.
Each user group belongs to one of three types: Firewall, Directory Service or SSL VPN.
For information about each type, see “Firewall user groups” on page 584, “Directory
Service user groups” on page 585, and “SSL VPN user groups” on page 585. For
information on configuring each type of user group, see “Configuring a user group” on
page 586.
In most cases, the FortiGate unit authenticates users by requesting each user name and
password. The FortiGate unit checks local user accounts first. If the unit does not find a
match, it checks the RADIUS, LDAP, or TACACS+ servers that belong to the user group.
Authentication succeeds when the FortiGate unit finds a matching user name and
password.
For a Directory Service user group, the Directory Service server authenticates users when
they log in to the network. The FortiGate unit receives the user’s name and IP address
from the FSAE collector agent. For more information about FSAE, see the
FSAE Technical Note.
You can configure user groups to provide authenticated access to:
- Firewall policies that require authentication
  See “Adding authentication to firewall policies” on page 327.
  You can choose the user groups that are allowed to authenticate with these policies.
Name      Enter the name of the PKI user.
Subject   Enter the text string that appears in the subject field of the
          certificate of the authenticating user. This field is optional.
CA        Enter the CA certificate that must be used to authenticate this
          user. This field is optional.

Note: You must enter a value for at least one of Subject or CA.
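
The Subject/CA rule in the note above can be checked across an exported configuration. The following is an added example, not taken from the Administration Guide: it assumes PKI users appear as a "config user peer" block with "set ca" and "set subject" lines (CLI syntax not shown on this page), and the sample configuration and peer names are constructed.

```python
import shlex

# Constructed sample of a "config user peer" block (assumed syntax, not from the guide).
SAMPLE_CONFIG = '''
config user peer
    edit "alice"
        set ca "CA_Cert_1"
        set subject "CN=alice, O=Example Corp"
    next
    edit "branch-any"
        set ca "CA_Cert_1"
    next
    edit "bob"
        set subject "CN=bob"
    next
    edit "empty"
    next
end
'''

def parse_peers(text):
    """Return {peer_name: {setting: value}} from a 'config user peer' block."""
    peers, current, in_block = {}, None, False
    for raw in text.splitlines():
        tokens = shlex.split(raw)
        if tokens[:3] == ["config", "user", "peer"]:
            in_block = True
        elif not in_block or not tokens:
            continue  # ignore blank lines and other config sections
        elif tokens[0] == "edit" and len(tokens) == 2:
            current = peers.setdefault(tokens[1], {})
        elif tokens[0] == "set" and len(tokens) >= 3 and current is not None:
            current[tokens[1]] = " ".join(tokens[2:])
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "end":
            in_block = False
    return peers

def audit_peers(peers):
    """Classify each PKI user by which of Subject and CA are set."""
    labels = {
        (True, True): "ok: Subject and CA both set",
        (False, True): "review: CA only, no Subject restriction",
        (True, False): "review: Subject only, no CA restriction",
        (False, False): "invalid: neither Subject nor CA is set",
    }
    return {name: labels[(bool(cfg.get("subject")), bool(cfg.get("ca")))]
            for name, cfg in peers.items()}
```

Calling audit_peers(parse_peers(SAMPLE_CONFIG)) returns one finding per PKI user; the "review" entries are valid under the note but identify the user by only one of the two fields.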
