When a user from the group "usrgrp" connects to the SSL VPN, that user should get access to the LAN-user IP address range 10.40.0.1-40. Users should be able to authenticate using the RADIUS servers and be assigned to their user group.

The network behind the FortiGate unit is 10.40.0.0/22. LAN users use the IP address range 10.40.0.1-40, and servers use the IP address range 10.40.0.41-50.

The user groups used in the configuration are usrgrp and salesgrp.

The RADIUS server runs on Windows Server 2008 NPS and is integrated with Active Directory.

The focus is on SSL VPN tunnels with split tunnelling enabled.

Tests have been done with firmware versions 5.2.7 (build 711) and 5.4.0 (build 1011).

FortiGate unit or VDOM in NAT mode only.

In this note, we will only deal with users in case 2 or 3, and the authentication server will be a RADIUS server.

Case 1: User whose user name and password are stored on the FortiGate unit.

Case 2: User whose name is stored on the FortiGate unit, and whose password is stored on a remote or external authentication server.

Case 3: Remote or external authentication server with a database that contains the user name and password of each person who is permitted access.
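A FortiOS CLI sketch of the usrgrp part of this goal, for the case 3 setup where the group comes from the RADIUS server; it is an added example, not configuration taken from the original note. Assumptions: a RADIUS server object named "NPS-RADIUS" already exists under `config user radius`, the LAN interface is "internal", the VPN runs in the root VDOM (interface "ssl.root"), the factory-default address object "SSLVPN_TUNNEL_ADDR1" is the tunnel pool, and the object names "LAN-users" and "usr-portal" are made up for illustration.

```fortios
# Group membership is decided by the group name the RADIUS server returns
config user group
    edit "usrgrp"
        set member "NPS-RADIUS"
        config match
            edit 1
                set server-name "NPS-RADIUS"
                set group-name "usrgrp"
            next
        end
    next
end
config firewall address
    edit "LAN-users"
        set type iprange
        set start-ip 10.40.0.1
        set end-ip 10.40.0.40
    next
end
# Split tunnelling: only the LAN-user range is routed through the tunnel
config vpn ssl web portal
    edit "usr-portal"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-address "LAN-users"
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
end
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "usrgrp"
            set portal "usr-portal"
        next
    end
end
# Enforcement point: usrgrp may reach 10.40.0.1-40, not the server range
config firewall policy
    edit 0
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "LAN-users"
        set groups "usrgrp"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

For the `config match` entry to take effect, the NPS network policy has to return the group name in the Fortinet-Group-Name vendor-specific attribute (vendor ID 12356, attribute 1). The split-tunnel routing address only controls which routes the client receives; the `dstaddr` on the firewall policy is what keeps usrgrp out of the server range 10.40.0.41-50.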