Firewall policy order – Fortinet FortiGate v3.0 MR7 User Manual

Page 50

FortiOS v3.0 MR7 User Authentication User Guide (01-30007-0347-20080828)

Firewall policy authentication

Configuring authenticated access

7. One at a time, select user group names from the Available Groups list and select the right-pointing arrow button to move them to the Allowed list. All members of the groups in the Allowed list will be authenticated with this firewall policy.

8. To use a CA certificate for authentication, in Certificate, select the certificate to use from the drop-down list.

9. To require the user to accept a disclaimer to connect to the destination, select User Authentication Disclaimer.

The User Authentication Disclaimer replacement message is displayed. You can edit the User Authentication Disclaimer replacement message text by going to System > Config > Replacement Messages.

10. Type a URL in Redirect URL if the user is to be redirected after they are authenticated or accept the disclaimer.

11. Select OK.

Firewall policy order

The firewall policies that you create must be correctly placed in the policy list to be
effective. The firewall evaluates a connection request by checking the policy list
from the top down, looking for the first policy that matches the source and
destination addresses of the packet. Keep these rules in mind:

More specific policies must be placed above more general ones.

Any policy that requires authentication must be placed above any similar policy
that does not.

If a user fails authentication, the firewall drops the request and does not check
for a match with any of the remaining policies.

If you create a policy that requires authentication for HTTP access to the
Internet, you must precede this policy with a policy for unauthenticated access
to the appropriate DNS server.
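The following is an added example, not code from the FortiGate manual: a small model of the top-down, first-match evaluation just described, including the rule that a failed authentication drops the request without consulting later policies, plus a check that flags an authenticated policy placed below a broader policy that needs no authentication. Policy names and addresses are constructed for illustration.

```python
# Added example, not from the FortiGate manual: a toy model of the top-down,
# first-match evaluation described above, including the rule that a failed
# authentication drops the packet without trying later policies, and a check
# for an authenticated policy shadowed by a broader unauthenticated one.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Policy:
    name: str
    src: str            # source CIDR, e.g. "192.168.1.0/24"
    dst: str            # destination CIDR
    service: str        # "DNS", "HTTP" or "ANY"
    requires_auth: bool = False

    def matches(self, src_ip, dst_ip, service):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.service in ("ANY", service))

def evaluate(policies, src_ip, dst_ip, service, authenticated):
    """Return (action, policy name) from the first matching policy, top down."""
    for p in policies:
        if p.matches(src_ip, dst_ip, service):
            if p.requires_auth and not authenticated:
                return ("DROP", p.name)   # no fall-through to later policies
            return ("ACCEPT", p.name)
    return ("DROP", "implicit-deny")

def covers(broad, narrow):
    """True if every packet matched by `narrow` is also matched by `broad`."""
    return (ip_network(narrow.src).subnet_of(ip_network(broad.src))
            and ip_network(narrow.dst).subnet_of(ip_network(broad.dst))
            and broad.service in ("ANY", narrow.service))

def shadowed_auth_policies(policies):
    """Names of auth policies placed below a broader policy needing no auth."""
    return [p.name for i, p in enumerate(policies) if p.requires_auth
            and any(not q.requires_auth and covers(q, p) for q in policies[:i])]

# Constructed sample policies: authenticated Internet access for the LAN and
# an unauthenticated policy to the internal DNS server (addresses are made up).
AUTH_WEB = Policy("lan-to-internet-auth", "192.168.1.0/24", "0.0.0.0/0", "ANY", True)
DNS_OK = Policy("lan-to-dns", "192.168.1.0/24", "10.0.0.53/32", "DNS")
WRONG_ORDER = [AUTH_WEB, DNS_OK]   # DNS lookup hits the auth policy first
RIGHT_ORDER = [DNS_OK, AUTH_WEB]   # DNS policy precedes the auth policy

if __name__ == "__main__":
    for order in (WRONG_ORDER, RIGHT_ORDER):
        print(evaluate(order, "192.168.1.10", "10.0.0.53", "DNS", False))
```

With the DNS policy below the authenticated policy, the unauthenticated DNS lookup is dropped by the authenticated policy and the name resolution needed before any HTTP request never happens; placing the DNS policy first lets it through.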

To change the position of the DNS policy in the policy list - web-based manager

1. Go to Firewall > Policy.

2. If necessary, expand the list to view your policies.

3. Select the Move To icon beside the DNS policy you created.

Figure 24: Firewall > Policy - Move To (icons shown: Move To, Delete, Edit, Insert Policy before)