Options User
FortiGate Version 4.0 Administration Guide
590 01-400-89802-20090424
http://docs.fortinet.com/ • Feedback
Options
You can define setting options for user authentication, including authentication timeout,
supported protocols, and authentication certificates.
Authentication timeout controls how long an authenticated firewall connection can be idle
before the user must authenticate again.
When user authentication is enabled on a firewall policy, the authentication challenge is
normally issued for any of the four protocols (depending on the connection protocol):
• HTTP (can also be set to redirect to HTTPS)
• HTTPS
•FTP
•Telnet.
The selections made in the Protocol Support list of the Authentication Settings screen
control which protocols support the authentication challenge. Users must connect with a
supported protocol first so they can subsequently connect with other protocols. If HTTPS
is selected as a method of protocol support, it allows the user to authenticate with a
customized Local certificate.
When you enable user authentication on a firewall policy, the firewall policy user will be
challenged to authenticate. For user ID and password authentication, users must provide
their user names and passwords. For certificate authentication (HTTPS or HTTP
redirected to HTTPS only), you can install customized certificates on the FortiGate unit
and the users can also have customized certificates installed on their browsers.
Otherwise, users will see a warning message and have to accept a default FortiGate
certificate.
To configure authentication setting options, go to User > Options.
Domain The entire website domain.
Categories The FortiGuard category.
Ask Authenticating user, who chooses the override type.
Override Time Select to set the duration of the override:
Constant Select to set the duration of override in days, hours, minutes.
Ask Authenticating user, who determines the duration of override.
The duration set is the maximum.
Protection Profiles
Available
One protection profile can have several user groups with
override permissions. Verification of the user group occurs
once the user name and password are entered. The overrides
can still be enabled or not enabled on a profile-wide basis
regardless of the user groups that have permissions to
override the profile.
Permission Granted For The list of defined protection profiles applied to user groups
that have override privileges.
Note: When you use certificate authentication, if you do not specify any certificate when
you create the firewall policy, the global settings will be used. If you specify a certificate, the
per-policy setting will overwrite the global setting. For information about how to use
certificate authentication, see FortiGate Certificate Management User Guide.
To Next Page
Loading...