beautypg.com

Adding user groups – Fortinet FortiGate 4000 User Manual

Page 233

background image

Users and authentication

Configuring user groups

FortiGate-4000 Installation and Configuration Guide

233

• IPSec VPN Phase 1 configurations for dialup users. Only users in the selected

user group can authenticate to use the VPN tunnel.

• XAuth for IPSec VPN Phase 1 configurations. Only users in the selected user

group can be authenticated using XAuth.

• The FortiGate PPTP configuration. Only users in the selected user group can use

PPTP.

• The FortiGate L2TP configuration. Only users in the selected user group can use

L2TP.

When you add user names, RADIUS servers, and LDAP servers to a user group, the
order in which they are added determines the order in which the FortiGate unit checks
for authentication. If user names are first, then the FortiGate unit checks for a match
with these local users. If a match is not found, the FortiGate unit checks the RADIUS
or LDAP server. If a RADIUS or LDAP server is added first, the FortiGate unit checks
the server and then the local users.

If the user group contains users, RADIUS servers, and LDAP servers, the FortiGate
unit checks them in the order in which they have been added to the user group.

This section describes:

Adding user groups

Deleting user groups

Adding user groups

Use the following procedure to add user groups to the FortiGate configuration. You
can add user names, RADIUS servers, and LDAP servers to user groups.

To add a user group

1

Go to User > User Group.

2

Select New to add a new user group.

Figure 68: Adding a user group