Configuring directory service user groups – Fortinet FortiGate v3.0 MR7 User Manual
Page 42
FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828
User groups
Users/peers and user groups
3. Select OK.
To create a firewall user group - CLI
config user group
edit
set group-type
set member
set profile
end
For more specific user group CLI commands, see the
.
Configuring Directory Service user groups
On a network, you can configure the FortiGate unit to allow access to members of
Directory Service server user groups who have been authenticated on the
network. The Fortinet Server Authentication Extensions (FSAE) must be installed
on the network domain controllers.
A Directory Service user group provides access to a firewall policy that requires
Directory Service type authentication and lists the user group as one of the
allowed groups. The members of the user group are Directory Service users or
groups that you select from a list that the FortiGate unit receives from the
Directory Service servers that you have configured.
To create a Directory Service user group
1. Go to User > User Group.
2. Select Create New, enter the following information, and select OK.
Members: The list of Local users, RADIUS servers, LDAP servers, TACACS+ servers, Directory Service users/user groups, or PKI users that belong to the user group. To remove a member, select the name and then select the Left Arrow.
FortiGuard Web Filtering Override: Available only if Type is Firewall or Directory Service. Select the Expand Arrow to configure Web Filtering override capabilities for this group.
Note: You cannot use Directory Service user groups directly in FortiGate firewall policies.
You must add Directory Service groups to FortiGate user groups. A Directory Service group
should belong to only one FortiGate user group. If you assign it to multiple FortiGate user
groups, the FortiGate unit recognizes only the last user group assignment.
Note: A Directory Service user group cannot have SSL VPN access.
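The rule in the first note above (a Directory Service group should belong to only one FortiGate user group) can be checked offline against a saved configuration. The following Python script is an added example, not part of the Fortinet manual; the sample configuration, its group and member names, the `next` separators and the `directory-service` group-type value are assumptions.

```python
import shlex
from collections import defaultdict

# Constructed sample in the shape of the page's CLI block. Group names, members
# and the "directory-service" group-type value are assumptions, not page data.
SAMPLE_CONFIG = '''
config user group
    edit "DS_Engineering"
        set group-type directory-service
        set member "EXAMPLE/Engineers" "EXAMPLE/Contractors"
    next
    edit "DS_Admins"
        set group-type directory-service
        set member "EXAMPLE/Admins" "EXAMPLE/Contractors"
    next
    edit "Local_Staff"
        set group-type firewall
        set member "alice" "bob"
    next
end
'''

def parse_user_groups(text):
    """Return {group_name: {setting: [values]}} from a 'config user group' block."""
    groups, current, in_section = {}, None, False
    for line in text.splitlines():
        tokens = shlex.split(line)  # handles the quoted names
        if tokens[:3] == ["config", "user", "group"]:
            in_section = True
        elif not in_section or not tokens:
            continue  # skip blank lines and anything outside the section
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = groups.setdefault(tokens[1], {})
        elif tokens[0] == "set" and len(tokens) > 2 and current is not None:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] == "end":
            in_section = False  # "next" lines need no action and fall through
    return groups

def find_duplicate_ds_members(text, ds_type="directory-service"):
    """Map each member listed in more than one Directory Service group to those groups."""
    seen = defaultdict(list)
    for name, settings in parse_user_groups(text).items():
        if settings.get("group-type") == [ds_type]:
            for member in settings.get("member", []):
                seen[member].append(name)
    return {m: g for m, g in seen.items() if len(g) > 1}

if __name__ == "__main__":
    print(find_duplicate_ds_members(SAMPLE_CONFIG))
```

Any member the script reports is covered by the note's warning: the FortiGate unit recognizes only one of the listed assignments, so firewall policies that reference the other groups do not apply to that Directory Service group.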