Vpn authentication, Configuring authentication of ssl vpn users – Fortinet FortiGate v3.0 MR7 User Manual
Page 52
FortiOS v3.0 MR7 User Authentication User Guide
52
01-30007-0347-20080828
VPN authentication
Configuring authenticated access
VPN authentication
All VPN configurations require users to authenticate. Authentication based on
user groups applies to:
•
SSL VPNs
•
PPTP and L2TP VPNs
•
an IPSec VPN that authenticates users using dialup groups
•
a dialup IPSec VPN that uses XAUTH authentication (Phase 1)
This document does not describe the use of certificates for VPN authentication.
See the
ortiGate IPSec VPN User Guide
and
ortiGate Certificate
Management User Guide
for information on this type of authentication.
You must create user accounts and user groups before performing the procedures
in this section. If you create a user group for dialup IPSec clients or peers that
have unique peer IDs, their user accounts must be stored locally on the FortiGate
unit. You cannot authenticate these types of users using a RADIUS or LDAP
server.
Configuring authentication of SSL VPN users
To configure authentication for an SSL VPN - web-based manager
1
Configure the users who are permitted to use this VPN. Create a user group and
add them to it.
For more information, see
“Users/peers and user groups” on page 33
.
2
Go to VPN > SSL.
3
Select Enable SSL-VPN and enter information as follows:
Figure 26: SSL VPN Settings
Enable SSL VPN
Select to enable SSL VPN connections.
Tunnel IP Range
Specify the range of IP addresses reserved for tunnel-
mode SSL VPN clients. Type the starting and ending
address that defines the range of reserved IP
addresses.