Adding user groups – Fortinet FortiGate 4000 User Manual
Page 233
Users and authentication
Configuring user groups
FortiGate-4000 Installation and Configuration Guide
233
• IPSec VPN Phase 1 configurations for dialup users. Only users in the selected
user group can authenticate to use the VPN tunnel.
• XAuth for IPSec VPN Phase 1 configurations. Only users in the selected user
group can be authenticated using XAuth.
• The FortiGate PPTP configuration. Only users in the selected user group can use
PPTP.
• The FortiGate L2TP configuration. Only users in the selected user group can use
L2TP.
When you add user names, RADIUS servers, and LDAP servers to a user group, the
order in which they are added determines the order in which the FortiGate unit checks
for authentication. If user names are first, then the FortiGate unit checks for a match
with these local users. If a match is not found, the FortiGate unit checks the RADIUS
or LDAP server. If a RADIUS or LDAP server is added first, the FortiGate unit checks
the server and then the local users.
If the user group contains users, RADIUS servers, and LDAP servers, the FortiGate
unit checks them in the order in which they have been added to the user group.
This section describes:
•
•
Adding user groups
Use the following procedure to add user groups to the FortiGate configuration. You
can add user names, RADIUS servers, and LDAP servers to user groups.
To add a user group
1
Go to User > User Group.
2
Select New to add a new user group.
Figure 68: Adding a user group