beautypg.com

Configuring user groups, Adding user groups – Fortinet FortiGate 50A User Manual

Page 177

background image

Users and authentication

Configuring user groups

FortiGate-50A Installation and Configuration Guide

177

Configuring user groups

To enable authentication, you must add user names, RADIUS servers, and LDAP
servers to one or more user groups. You can then select a user group when you
require authentication. You can select a user group to configure authentication for:

• Policies that require authentication. Only users in the selected user group or users

that can authenticate with the RADIUS servers added to the user group can
authenticate with these policies.

• IPSec VPN Phase 1 configurations for dialup users. Only users in the selected

user group can authenticate to use the VPN tunnel.

• XAuth for IPSec VPN Phase 1 configurations. Only users in the selected user

group can be authenticated using XAuth.

• The FortiGate PPTP configuration. Only users in the selected user group can use

PPTP.

• The FortiGate L2TP configuration. Only users in the selected user group can use

L2TP.

When you add user names, RADIUS servers, and LDAP servers to a user group, the
order in which they are added determines the order in which the FortiGate unit checks
for authentication. If user names are first, then the FortiGate unit checks for a match
with these local users. If a match is not found, the FortiGate unit checks the RADIUS
or LDAP server. If a RADIUS or LDAP server is added first, the FortiGate unit checks
the server and then the local users.

If the user group contains users, RADIUS servers, and LDAP servers, the FortiGate
unit checks them in the order in which they have been added to the user group.

This section describes:

Adding user groups

Deleting user groups

Adding user groups

Use the following procedure to add user groups to the FortiGate configuration. You
can add user names, RADIUS servers, and LDAP servers to user groups.

To add a user group

1

Go to User > User Group.

2

Select New to add a new user group.

3

Enter a Group Name to identify the user group.
The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and
the special characters - and _. Other special characters and spaces are not allowed.

4

To add users to the user group, select a user from the Available Users list and select
the right arrow to add the name to the Members list.

5

To add a RADIUS server to the user group, select a RADIUS server from the Available
Users list and select the right arrow to add the RADIUS server to the Members list.

6

To add an LDAP server to the user group, select an LDAP server from the Available
Users list and select the right arrow to add the LDAP server to the Members list.