Users/peers and user groups, Users/peers – Fortinet FortiGate v3.0 MR7 User Manual

FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828

Users/peers and user groups

FortiGate authentication controls system access by user group. First you
configure users/peers, then you create user groups and add users/peers to them.

Configure local user accounts. For each user, you can choose whether the
password is verified by the FortiGate unit, by a RADIUS server, by an LDAP
server, or by a TACACS+ server. See “Creating local users” on page 34.

Configure your FortiGate unit to authenticate users by using your RADIUS,
LDAP, or TACACS+ servers. See “Configuring the FortiGate unit to use a
RADIUS server” on page 16, “Configuring the FortiGate unit to use an LDAP
server” on page 21, and “Configuring the FortiGate unit to use a TACACS+
authentication server” on page 25.

Configure access to the FortiGate unit if you use a Directory Service server for
authentication. See “Configuring the FortiGate unit to use a Directory Service
server” on page 28.

Configure certificate-based authentication for administrative access
(HTTPS web-based manager), IPSec, SSL-VPN, and web-based firewall
authentication.

For each network resource that requires authentication, you specify which user
groups are permitted access to the network. There are three types of user groups:
Firewall, Directory Service, and SSL VPN. See “Configuring user groups” on
page 41 and “Configuring Directory Service user groups” on page 42.

This section describes:

Users/peers

User groups

Users/peers

A user is a user/peer account configured on the FortiGate unit and/or on a remote
or external authentication server. Users can access resources that require
authentication only if they are members of an allowed user group.
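
The rule above, together with the two local-user cases in Table 2, modelled in Python as an added example (not FortiOS code and not part of the original guide). The names `authenticate`, `may_access` and `radius_stub`, the PBKDF2 password storage, and all sample accounts and groups are assumptions constructed for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass
from typing import Callable, Optional

def _hash(password: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2; the guide does not say how the unit stores passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class LocalUser:
    name: str
    salt: bytes = b""
    pw_hash: bytes = b""  # used when the unit itself verifies the password
    server: Optional[Callable[[str, str], bool]] = None  # used when a server verifies it

def make_local(name: str, password: str) -> LocalUser:
    salt = os.urandom(16)
    return LocalUser(name, salt, _hash(password, salt))

def authenticate(accounts: dict, name: str, password: str) -> bool:
    user = accounts.get(name)
    if user is None:
        return False  # both local-user types need an account on the unit
    if user.server is not None:
        return user.server(name, password)  # password checked by the associated server
    return hmac.compare_digest(user.pw_hash, _hash(password, user.salt))

def may_access(accounts, groups, allowed_groups, name, password) -> bool:
    # Valid credentials are not enough: the user must be in an allowed group.
    if not authenticate(accounts, name, password):
        return False
    return any(name in groups.get(g, set()) for g in allowed_groups)

# Constructed sample data: a stand-in for a RADIUS/LDAP/TACACS+ server.
SERVER_DB = {"bob": "server-pw", "carol": "carol-pw"}

def radius_stub(name: str, password: str) -> bool:
    stored = SERVER_DB.get(name)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

ACCOUNTS = {
    "alice": make_local("alice", "local-pw"),       # password stored on the unit
    "bob": LocalUser("bob", server=radius_stub),    # password stored on the server
    "dave": make_local("dave", "dave-pw"),          # valid account, in no group
}
GROUPS = {"Staff": {"alice", "bob"}}
```

In this model `carol` is known to the server but has no account on the unit, so she is refused; `dave` authenticates but belongs to no allowed group, so he is refused as well.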

Table 2: How the FortiGate unit authenticates different types of users

| User type | Authentication |
| --- | --- |
| Local user with password stored on the FortiGate unit | The user name and password must match a user account stored on the FortiGate unit. |
| Local user with password stored on an authentication server | The user name must match a user account stored on the FortiGate unit and the user name and password must match a user account stored on the authentication server associated with that user. |