Fortinet FortiGate v3.0 MR7 User Manual

Configuring authenticated access

VPN authentication

FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828

Server Certificate

Select the signed server certificate to use for
authentication purposes. If you leave the default setting
(Self-Signed), the FortiGate unit offers its
factory-installed (self-signed) certificate from Fortinet to
remote clients when they connect.

Require Client Certificate

If you want to enable the use of group certificates for
authenticating remote clients, select the check box.
Afterward, when the remote client initiates a connection,
the FortiGate unit prompts the client for its client-side
certificate as part of the authentication process.

Encryption Key Algorithm

Select the algorithm for creating a secure SSL
connection between the remote client web browser and
the FortiGate unit.

Default - RC4 (128 bits) and higher

If the web browser on the remote client can match a
cipher suite greater than or equal to 128 bits, select this
option.

High - AES (128/256 bits) and 3DES

If the web browser on the remote client can match a high
level of SSL encryption, select this option to enable
cipher suites that use more than 128 bits to encrypt data.

Low - RC4 (64 bits), DES and higher

If you are not sure which level of SSL encryption the
remote client web browser supports, select this option to
enable a cipher suite greater than or equal to 64 bits.

Idle Timeout

Type how long (in seconds) the connection can remain
idle before the system forces the user to log in again.
The range is from 10 to 28800 seconds. You can also set
the value to 0 to have no idle connection timeout. This
setting applies to the SSL VPN session. The interface
does not time out when web application sessions or
tunnels are up.

Portal Message

If you want to display a custom caption at the top of the
web portal home page, type the message.

Advanced (DNS and WINS Servers)

DNS Server #1
DNS Server #2

Enter up to two DNS Servers to be provided for the use
of clients.

WINS Server #1
WINS Server #2

Enter up to two WINS Servers to be provided for the use
of clients.

Apply

Select to save and apply settings.
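
The settings above can be reviewed as a set before they are applied. The following is an added example, not part of the Fortinet manual and not Fortinet code: a small audit routine that checks one set of these values against the options and ranges this page states. The dictionary keys, the severity labels and the sample values are assumptions made for the example and are not FortiOS identifiers.

```python
# Added example, not Fortinet code. Dictionary keys are hypothetical names
# for the fields described on this page, not FortiOS identifiers.
ALGORITHM_LEVELS = {  # option -> what the page says it enables
    "default": "RC4 (128 bits) and higher",
    "high": "AES (128/256 bits) and 3DES",
    "low": "RC4 (64 bits), DES and higher",
}
IDLE_MIN, IDLE_MAX = 10, 28800  # seconds; 0 disables the idle timeout


def audit_ssl_vpn(settings):
    """Return (severity, field, message) findings for one settings dict."""
    findings = []

    algo = str(settings.get("encryption_key_algorithm", "")).lower()
    if algo not in ALGORITHM_LEVELS:
        findings.append(("error", "encryption_key_algorithm", f"unknown level {algo!r}"))
    elif algo == "low":
        findings.append(("high", "encryption_key_algorithm",
                         "Low permits 64-bit RC4 and DES, below the 128-bit floor of the other levels"))
    elif algo == "default":
        findings.append(("medium", "encryption_key_algorithm",
                         "Default permits RC4 (prohibited in TLS by RFC 7465); High excludes it"))

    # The page names Self-Signed as the default server certificate.
    if settings.get("server_certificate", "Self-Signed") == "Self-Signed":
        findings.append(("medium", "server_certificate",
                         "factory self-signed certificate; clients cannot verify it against a CA"))

    # Assumption: an absent value means the check box is not selected.
    if not settings.get("require_client_certificate", False):
        findings.append(("info", "require_client_certificate",
                         "clients are not prompted for a certificate"))

    idle = settings.get("idle_timeout")
    if not isinstance(idle, int) or isinstance(idle, bool) or idle < 0:
        findings.append(("error", "idle_timeout", f"not a valid number of seconds: {idle!r}"))
    elif idle == 0:
        findings.append(("medium", "idle_timeout", "0 means idle sessions never time out"))
    elif not IDLE_MIN <= idle <= IDLE_MAX:
        findings.append(("error", "idle_timeout", f"outside {IDLE_MIN}-{IDLE_MAX} seconds"))
    return findings


# Constructed sample inputs.
WEAK = {"encryption_key_algorithm": "Low", "server_certificate": "Self-Signed",
        "require_client_certificate": False, "idle_timeout": 0}
HARDENED = {"encryption_key_algorithm": "High", "server_certificate": "vpn-ca-signed",
            "require_client_certificate": True, "idle_timeout": 600}
```

Calling `audit_ssl_vpn(WEAK)` returns four findings, one per field; `audit_ssl_vpn(HARDENED)` returns an empty list.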