advertisement
FortiGate-400 Installation and Configuration Guide Version 2.50 MR2
Users and authentication
FortiGate units support user authentication to the FortiGate user database, to a
RADIUS server, and to an LDAP server. You can add user names to the FortiGate user database and then add a password to allow the user to authenticate using the internal database. You can also add the names of RADIUS and LDAP servers. You can select RADIUS to allow the user to authenticate using the selected RADIUS server or LDAP to allow the user to authenticate using the selected LDAP server. You can disable a user name so that the user cannot authenticate.
To enable authentication, you must add user names to one or more user groups. You can also add RADIUS servers and LDAP servers to user groups. You can then select a user group when you require authentication.
You can select user groups to require authentication for:
• any firewall policy with Action set to ACCEPT
• IPSec dialup user phase 1 configurations
• XAuth functionality for Phase 1 IPSec VPN configurations
• PPTP
• L2TP
When a user enters a user name and password, the FortiGate unit searches the internal user database for a matching user name. If Disable is selected for that user name, the user cannot authenticate and the connection is dropped. If Password is selected for that user and the password matches, the connection is allowed. If the password does not match, the connection is dropped.
If RADIUS is selected and RADIUS support is configured and the user name and password match a user name and password on the RADIUS server, the connection is allowed. If the user name and password do not match a user name and password on the RADIUS server, the connection is dropped.
If LDAP is selected and LDAP support is configured and the user name and password match a user name and password on the LDAP server, the connection is allowed. If the user name and password do not match a user name and password on the LDAP server, the connection is dropped.
If the user group contains user names, RADIUS servers, and LDAP servers, the
FortiGate unit checks them in the order in which they have been added to the user group.
FortiGate-400 Installation and Configuration Guide
201
Setting authentication timeout Users and authentication
This chapter describes:
•
Setting authentication timeout
•
Adding user names and configuring authentication
•
•
•
Setting authentication timeout
1
2
To set authentication timeout:
Go to System > Config > Options.
Set Auth Timeout to control how long authenticated firewall connections can remain idle before users must authenticate again to get access through the firewall.
The default authentication timeout is 15 minutes.
Adding user names and configuring authentication
Use the following procedures to add user names and configure authentication.
This section describes:
•
Adding user names and configuring authentication
•
Deleting user names from the internal database
Adding user names and configuring authentication
1
2
3
4
Go to User > Local.
Select New to add a new user name.
Enter the user name.
The user name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.
Select one of the following authentication configurations:
Disable
Password
LDAP
Radius
Prevent this user from authenticating.
Enter the password that this user must use to authenticate. The password should be at least six characters long. The password can contain numbers
(0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters
- and _. Other special characters and spaces are not allowed.
Require the user to authenticate to an LDAP server. Select the name of the
LDAP server to which the user must authenticate. You can only select an
LDAP server that has been added to the FortiGate LDAP configuration. See
“Configuring LDAP support” on page 205 .
Require the user to authenticate to a RADIUS server. Select the name of the
RADIUS server to which the user must authenticate. You can only select a
RADIUS server that has been added to the FortiGate RADIUS configuration.
See “Configuring RADIUS support” on page 204
.
202
Fortinet Inc.
Users and authentication Adding user names and configuring authentication
5
6
Select Try other servers if connect to selected server fails if you have selected Radius and you want the FortiGate unit to try to connect to other RADIUS servers added to the FortiGate RADIUS configuration.
Select OK.
Figure 17: Adding a user name
Deleting user names from the internal database
1
2
3
You cannot delete user names that have been added to user groups. Remove user names from user groups before deleting them
Go to User > Local.
Select Delete User for the user name to delete.
Select OK.
Note: Deleting the user name deletes the authentication configured for the user.
FortiGate-400 Installation and Configuration Guide
203
Configuring RADIUS support Users and authentication
Configuring RADIUS support
If you have configured RADIUS support and a user is required to authenticate using a
RADIUS server, the FortiGate unit contacts the RADIUS server for authentication.
This section describes:
•
•
Adding RADIUS servers
4
5
6
1
2
3
To configure the FortiGate unit for RADIUS authentication:
Go to User > RADIUS.
Select New to add a new RADIUS server.
Enter the name of the RADIUS server.
You can enter any name. The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.
Enter the domain name or IP address of the RADIUS server.
Enter the RADIUS server secret.
Select OK.
Figure 18: Example RADIUS configuration
204
Deleting RADIUS servers
1
2
3
You cannot delete RADIUS servers that have been added to user groups.
Go to User > RADIUS.
Select Delete beside the RADIUS server name that you want to delete.
Select OK.
Fortinet Inc.
Users and authentication Configuring LDAP support
Configuring LDAP support
If you have configured LDAP support and a user is required to authenticate using an
LDAP server, the FortiGate unit contacts the LDAP server for authentication. To authentication with the FortiGate unit, the user enters a user name and password. The
FortiGate unit sends this user name and password to the LDAP server. If the LDAP server can authenticate the user, the user is successfully authenticated with the
FortiGate unit. If the LDAP server cannot authenticate the user, the connection is refused by the FortiGate unit.
The FortiGate unit supports LDAP protocol functionality defined in RFC2251 for looking up and validating user names and passwords. ForitGate LDAP supports all
LDAP servers compliant with LDAP v3.
FortiGate LDAP support does not extend to proprietary functionality, such as notification of password expiration, that is available from some LDAP servers.
FortiGate LDAP support does not supply information to the user about why authentication failed.
LDAP user authentication is supported for PPTP, L2TP, IPSec VPN and firewall authentication. With PPTP, L2TP, and IPSec VPN, PAP (packet authentication protocol) is supported and CHAP (Challenge-Handshake Authentication Protocol) is not.
This section describes:
•
•
Adding LDAP servers
1
2
3
4
5
6
To configure the FortiGate unit for LDAP authentication:
Go to User > LDAP.
Select New to add a new LDAP server.
Enter the name of the LDAP server.
You can enter any name. The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.
Enter the domain name or IP address of the LDAP server.
Enter the port used to communicate with the LDAP server.
By default LDAP uses port 389.
Enter the common name identifier for the LDAP server.
The common name identifier for most LDAP servers is cn. However some servers use other common name identifiers such as uid.
FortiGate-400 Installation and Configuration Guide
205
Configuring LDAP support Users and authentication
7
8
Enter the distinguished name used to look up entries on the LDAP server.
Enter the base distinguished name for the server using the correct X.500 or LDAP format. The FortiGate unit passes this distinguished name unchanged to the server.
For example, you could use the following base distinguished name: ou=marketing,dc=fortinet,dc=com where ou is organization unit and dc is domain component
You can also specify multiple instances of the same field in the distinguished name, for example, to specify multiple organization units: ou=accounts,ou=marketing,dc=fortinet,dc=com
Select OK.
Figure 19: Example LDAP configuration
Deleting LDAP servers
1
2
3
You cannot delete LDAP servers that have been added to user groups.
Go to User > LDAP.
Select Delete beside the LDAP server name that you want to delete.
Select OK.
206
Fortinet Inc.
Users and authentication Configuring user groups
Configuring user groups
To enable authentication, you must add user names, RADIUS servers and LDAP servers to one or more user groups. You can then select a user group when you require authentication. You can select a user group to configure authentication for:
• Policies that require authentication. Only users in the selected user group or that can authenticate with the RADIUS servers added to the user group can authenticate with these policies.
• IPSec VPN Phase 1 configurations for dialup users. Only users in the selected user group can authenticate to use the VPN tunnel.
• XAuth for IPSec VPN Phase 1 configurations. Only users in the selected user group can be authenticated using XAuth.
• The FortiGate PPTP configuration. Only users in the selected user group can use
PPTP.
• The FortiGate L2TP configuration. Only users in the selected user group can use
L2TP.
When you add user names, RADIUS servers, and LDAP servers to a user group the order in which they are added affects the order in which the FortiGate unit checks for authentication. If user names are first, then the FortiGate unit checks for a match with these local users. If a match is not found, the FortiGate unit checks the RADIUS or
LDAP server. If a RADIUS or LDAP server is added first, the FortiGate unit checks the server and then the local users.
If the user group contains users, RADIUS servers, and LDAP servers, the FortiGate unit checks them in the order in which they have been added to the user group.
This section describes:
•
•
Adding user groups
1
2
Use the following procedure to add user groups to the FortiGate configuration. You can add user names, RADIUS servers, and LDAP servers to user groups.
To add a user group:
Go to User > User Group.
Select New to add a new user group.
FortiGate-400 Installation and Configuration Guide
207
Configuring user groups
Figure 20: Adding a user group
Users and authentication
208
3
4
5
6
7
8
Enter a Group Name to identify the user group.
The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.
To add users to the user group, select a user from the Available Users list and select the right arrow to add the name to the Members list.
To add a RADIUS server to the user group, select a RADIUS server from the Available
Users list and select the right arrow to add the RADIUS server to the Members list.
To add an LDAP server to the user group, select an LDAP server from the Available
Users list and select the right arrow to add the LDAP server to the Members list.
To remove users, RADIUS servers, or LDAP servers from the user group, select a user, RADIUS server, or LDAP server from the Members list and select the left arrow to remove the name, RADIUS server, or LDAP server from the group.
Select OK.
Deleting user groups
1
2
3
You cannot delete user groups that have been selected in a policy, a dialup user phase1 configuration, or in a PPTP or L2TP configuration.
To delete a user group:
Go to User > User Group
Select Delete
Select OK.
beside the user group that you want to delete.
Fortinet Inc.
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 3 Table of Contents
- 15 Introduction
- 15 Antivirus protection
- 16 Web content filtering
- 16 Email filtering
- 17 Firewall
- 17 NAT/Route mode
- 18 Transparent mode
- 18 VLAN
- 18 Network intrusion detection
- 19 VPN
- 19 High availability
- 20 Secure installation, configuration, and management
- 20 Web-based manager
- 21 Command line interface
- 21 Logging and reporting
- 22 What’s new in Version 2.50
- 22 System administration
- 22 Network configuration
- 22 Routing
- 22 DHCP server
- 22 Routing Information Protocol (RIP)
- 22 SNMP
- 23 HA
- 23 Replacement messages
- 23 Firewall
- 23 Users and authentication
- 23 VPN
- 24 NIDS
- 24 Antivirus
- 24 Web Filter
- 24 Email filter
- 24 Logging and Reporting
- 25 About this document
- 26 Document conventions
- 27 Fortinet documentation
- 27 Comments on Fortinet technical documentation
- 28 Customer service and technical support
- 29 Getting started
- 30 Package contents
- 30 Mounting
- 30 Dimensions
- 30 Weight
- 31 Power requirements
- 31 Environmental specifications
- 31 Powering on
- 32 Connecting to the web-based manager
- 33 Connecting to the command line interface (CLI)
- 33 Factory default FortiGate configuration settings
- 34 Factory default NAT/Route mode network configuration
- 35 Factory default Transparent mode network configuration
- 35 Factory default firewall configuration
- 36 Factory default content profiles
- 37 Strict content profile
- 37 Scan content profile
- 38 Web content profile
- 38 Unfiltered content profile
- 39 Planning your FortiGate configuration
- 39 NAT/Route mode
- 40 NAT/Route mode with multiple external network connections
- 41 Transparent mode
- 41 Configuration options
- 41 Setup Wizard
- 42 CLI
- 42 Front keypad and LCD
- 42 FortiGate model maximum values matrix
- 43 Next steps
- 45 NAT/Route mode installation
- 45 Preparing to configure NAT/Route mode
- 46 Using the setup wizard
- 46 Starting the setup wizard
- 46 Reconnecting to the web-based manager
- 47 Using the front control buttons and LCD
- 47 Using the command line interface
- 47 Configuring the FortiGate unit to operate in NAT/Route mode
- 47 Configuring NAT/Route mode IP addresses
- 49 Connecting the FortiGate unit to your networks
- 50 Configuring your network
- 50 Completing the configuration
- 50 Configuring interface 3
- 51 Configuring interface 4/HA
- 51 Setting the date and time
- 51 Enabling antivirus protection
- 51 Registering your FortiGate unit
- 52 Configuring virus and attack definition updates
- 52 Configuration example: Multiple connections to the Internet
- 53 Configuring Ping servers
- 54 Destination based routing examples
- 54 Primary and backup links to the Internet
- 55 Load sharing
- 55 Load sharing and primary and secondary connections
- 57 Policy routing examples
- 57 Routing traffic from internal subnets to different external networks
- 57 Routing a service to an external network
- 58 Firewall policy example
- 58 Adding a redundant default policy
- 59 Adding more firewall policies
- 59 Restricting access to a single Internet connection
- 61 Transparent mode installation
- 61 Preparing to configure Transparent mode
- 62 Using the setup wizard
- 62 Changing to Transparent mode
- 62 Starting the setup wizard
- 62 Reconnecting to the web-based manager
- 63 Using the front control buttons and LCD
- 63 Using the command line interface
- 63 Changing to Transparent mode
- 64 Configuring the Transparent mode management IP address
- 64 Configure the Transparent mode default gateway
- 64 Completing the configuration
- 64 Setting the date and time
- 64 Enabling antivirus protection
- 65 Registering your FortiGate
- 65 Configuring virus and attack definition updates
- 65 Connecting the FortiGate unit to your networks
- 66 Transparent mode configuration examples
- 67 Default routes and static routes
- 67 Example default route to an external network
- 68 General configuration steps
- 69 Web-based manager example configuration steps
- 69 CLI configuration steps
- 69 Example static route to an external destination
- 70 General configuration steps
- 71 Web-based manager example configuration steps
- 71 CLI configuration steps
- 72 Example static route to an internal destination
- 72 General configuration steps
- 73 Web-based manager example configuration steps
- 73 CLI configuration steps
- 75 High availability
- 75 Active-passive HA
- 76 Active-active HA
- 77 HA in NAT/Route mode
- 77 Installing and configuring the FortiGate units
- 77 Configuring the HA interfaces
- 78 Configuring the HA cluster
- 80 Connecting the HA cluster to your network
- 82 Starting the HA cluster
- 82 HA in Transparent mode
- 82 Installing and configuring the FortiGate units
- 82 Configuring the HA interface and HA IP address
- 83 Configuring the HA cluster
- 85 Connecting the HA cluster to your network
- 86 Starting the HA cluster
- 86 Managing the HA cluster
- 86 Viewing the status of cluster members
- 87 Monitoring cluster members
- 88 Monitoring cluster sessions
- 88 Viewing and managing cluster log messages
- 89 Managing individual cluster units
- 89 Synchronizing the cluster configuration
- 90 Returning to standalone configuration
- 90 Replacing a FortiGate unit after fail-over
- 91 Advanced HA options
- 91 Selecting a FortiGate unit to a permanent primary unit
- 92 Configuring weighted-round-robin weights
- 93 System status
- 94 Changing the FortiGate host name
- 94 Changing the FortiGate firmware
- 95 Upgrade to a new firmware version
- 95 Upgrading the firmware using the web-based manager
- 95 Upgrading the firmware using the CLI
- 96 Revert to a previous firmware version
- 96 Reverting to a previous firmware version using the web-based manager
- 97 Reverting to a previous firmware version using the CLI
- 99 Install a firmware image from a system reboot using the CLI
- 101 Test a new firmware image before installing it
- 103 Installing and using a backup firmware image
- 103 Installing a backup firmware image
- 105 Switching to the backup firmware image
- 106 Switching back to the default firmware image
- 106 Manual virus definition updates
- 107 Manual attack definition updates
- 107 Displaying the FortiGate serial number
- 107 Displaying the FortiGate up time
- 107 Displaying log hard disk status
- 108 Backing up system settings
- 108 Restoring system settings
- 108 Restoring system settings to factory defaults
- 109 Changing to Transparent mode
- 109 Changing to NAT/Route mode
- 109 Restarting the FortiGate unit
- 110 Shutting down the FortiGate unit
- 110 System status
- 110 Viewing CPU and memory status
- 111 Viewing sessions and network status
- 112 Viewing virus and intrusions status
- 113 Session list
- 115 Virus and attack definitions updates and registration
- 115 Updating antivirus and attack definitions
- 116 Connecting to the FortiResponse Distribution Network
- 117 Configuring scheduled updates
- 118 Configuring update logging
- 119 Adding an override server
- 119 Manually updating antivirus and attack definitions
- 119 Configuring push updates
- 120 To enable push updates
- 120 About push updates
- 120 Push updates through a NAT device
- 120 Example: push updates through a NAT device
- 124 Scheduled updates through a proxy server
- 125 Registering FortiGate units
- 125 FortiCare Service Contracts
- 126 Registering the FortiGate unit
- 128 Updating registration information
- 128 Recovering a lost Fortinet support password
- 128 Viewing the list of registered FortiGate units
- 129 Registering a new FortiGate unit
- 129 Adding or changing a FortiCare Support Contract number
- 130 Changing your Fortinet support password
- 130 Changing your contact information or security question
- 130 Downloading virus and attack definitions updates
- 131 Registering a FortiGate unit after an RMA
- 133 Network configuration
- 133 Configuring zones
- 133 Adding zones
- 134 Adding interfaces to a zone
- 134 Adding VLAN subinterfaces to a zone
- 134 Renaming zones
- 135 Deleting zones
- 135 Configuring interfaces
- 135 Viewing the interface list
- 135 Bringing up an interface
- 136 Changing an interface static IP address
- 136 Adding a secondary IP address to an interface
- 136 Adding a ping server to an interface
- 137 Controlling management access to an interface
- 137 Configuring traffic logging for connections to an interface
- 137 Changing the MTU size to improve network performance
- 138 Configuring port4/ha
- 138 Configuring port4/ha for HA mode
- 138 Configuring port4/ha as a firewall interface
- 138 Configuring the management interface (Transparent mode)
- 139 Configuring VLANs
- 139 VLAN network configuration
- 141 Adding VLAN subinterfaces
- 141 Rules for VLAN IDs
- 141 Rules for VLAN IP addresses
- 141 Adding a VLAN subinterface
- 143 Configuring routing
- 143 Adding a default route
- 143 Adding destination-based routes to the routing table
- 145 Adding routes in Transparent mode
- 145 Configuring the routing table
- 146 Policy routing
- 146 Policy routing command syntax
- 147 Providing DHCP services to your internal network
- 149 RIP configuration
- 150 RIP settings
- 152 Configuring RIP for FortiGate interfaces
- 153 Adding RIP neighbors
- 154 Adding RIP filters
- 154 Adding a single RIP filter
- 155 Adding a RIP filter list
- 156 Adding a neighbors filter
- 156 Adding a routes filter
- 157 System configuration
- 157 Setting system date and time
- 158 Changing web-based manager options
- 160 Adding and editing administrator accounts
- 160 Adding new administrator accounts
- 161 Editing administrator accounts
- 162 Configuring SNMP
- 162 Configuring the FortiGate unit for SNMP monitoring
- 162 Configuring FortiGate SNMP support
- 163 FortiGate MIBs
- 164 FortiGate traps
- 164 Customizing replacement messages
- 165 Customizing replacement messages
- 166 Customizing alert emails
- 169 Firewall configuration
- 170 Default firewall configuration
- 170 Interfaces
- 170 VLAN subinterfaces
- 171 Zones
- 171 Addresses
- 172 Services
- 172 Schedules
- 172 Content profiles
- 172 Adding firewall policies
- 173 Firewall policy options
- 173 Source
- 173 Destination
- 174 Schedule
- 174 Service
- 174 Action
- 174 NAT
- 174 VPN Tunnel
- 175 Traffic Shaping
- 175 Authentication
- 176 Anti-Virus & Web filter
- 177 Log Traffic
- 177 Comments
- 177 Configuring policy lists
- 177 Policy matching in detail
- 178 Changing the order of policies in a policy list
- 178 Enabling and disabling policies
- 178 Disabling a policy
- 178 Enabling a policy
- 179 Addresses
- 179 Adding addresses
- 180 Editing addresses
- 180 Deleting addresses
- 181 Organizing addresses into address groups
- 182 Services
- 182 Predefined services
- 184 Providing access to custom services
- 185 Grouping services
- 186 Schedules
- 186 Creating one-time schedules
- 187 Creating recurring schedules
- 188 Adding a schedule to a policy
- 188 Virtual IPs
- 189 Adding static NAT virtual IPs
- 190 Adding port forwarding virtual IPs
- 191 Adding policies with virtual IPs
- 192 IP pools
- 192 Adding an IP pool
- 193 IP Pools for firewall policies that use fixed ports
- 193 IP pools and dynamic NAT
- 193 IP/MAC binding
- 194 Configuring IP/MAC binding for packets going through the firewall
- 195 Configuring IP/MAC binding for packets going to the firewall
- 195 Adding IP/MAC addresses
- 196 Viewing the dynamic IP/MAC list
- 196 Enabling IP/MAC binding
- 197 Content profiles
- 197 Default content profiles
- 197 Adding a content profile
- 199 Adding a content profile to a policy
- 201 Users and authentication
- 202 Setting authentication timeout
- 202 Adding user names and configuring authentication
- 202 Adding user names and configuring authentication
- 203 Deleting user names from the internal database
- 204 Configuring RADIUS support
- 204 Adding RADIUS servers
- 204 Deleting RADIUS servers
- 205 Configuring LDAP support
- 205 Adding LDAP servers
- 206 Deleting LDAP servers
- 207 Configuring user groups
- 207 Adding user groups
- 208 Deleting user groups
- 209 IPSec VPN
- 210 Key management
- 210 Manual Keys
- 210 Automatic Internet Key Exchange (AutoIKE) with pre-shared keys or certificates
- 210 AutoIKE with pre-shared keys
- 210 AutoIKE with certificates
- 211 Manual key IPSec VPNs
- 211 General configuration steps for a manual key VPN
- 211 Adding a manual key VPN tunnel
- 213 AutoIKE IPSec VPNs
- 213 General configuration steps for an AutoIKE VPN
- 213 Adding a phase 1 configuration for an AutoIKE VPN
- 217 Adding a phase 2 configuration for an AutoIKE VPN
- 219 Managing digital certificates
- 219 Obtaining a signed local certificate
- 220 Generating the certificate request
- 221 Downloading the certificate request
- 221 Requesting the signed local certificate
- 222 Retrieving the signed local certificate
- 222 Importing the signed local certificate
- 223 Obtaining a CA certificate
- 223 Retrieving a CA certificate
- 223 Importing a CA certificate
- 224 Configuring encrypt policies
- 225 Adding a source address
- 225 Adding a destination address
- 225 Adding an encrypt policy
- 227 IPSec VPN concentrators
- 227 VPN concentrator (hub) general configuration steps
- 229 Adding a VPN concentrator
- 230 VPN spoke general configuration steps
- 231 Redundant IPSec VPNs
- 231 Configuring redundant IPSec VPN
- 233 Monitoring and Troubleshooting VPNs
- 233 Viewing VPN tunnel status
- 233 Viewing dialup VPN connection status
- 234 Testing a VPN
- 235 PPTP and L2TP VPN
- 235 Configuring PPTP
- 236 Configuring the FortiGate unit as a PPTP gateway
- 236 Adding users and user groups
- 236 Enabling PPTP and specifying an address range
- 237 Adding a source address
- 237 Adding an address group
- 238 Adding a destination address
- 238 Adding a firewall policy
- 238 Configuring a Windows 98 client for PPTP
- 238 Installing PPTP support
- 239 Configuring a PPTP dialup connection
- 239 Connecting to the PPTP VPN
- 239 Configuring a Windows 2000 client for PPTP
- 239 Configuring a PPTP dialup connection
- 240 Connecting to the PPTP VPN
- 240 Configuring a Windows XP client for PPTP
- 240 Configuring a PPTP dialup connection
- 240 Configuring the VPN connection
- 241 Connecting to the PPTP VPN
- 241 Configuring L2TP
- 242 Configuring the FortiGate unit as a L2TP gateway
- 242 Adding users and user groups
- 242 Enabling L2TP and specifying an address range
- 243 Adding a source address
- 243 Adding an address group
- 244 Adding a destination address
- 244 Adding a firewall policy
- 245 Configuring a Windows 2000 client for L2TP
- 245 Configuring an L2TP dialup connection
- 245 Disabling IPSec
- 246 Connecting to the L2TP VPN
- 246 Configuring a Windows XP client for L2TP
- 246 Configuring an L2TP VPN dialup connection
- 246 Configuring the VPN connection
- 247 Disabling IPSec
- 248 Connecting to the L2TP VPN
- 249 Network Intrusion Detection System (NIDS)
- 249 Detecting attacks
- 250 Selecting the interfaces to monitor
- 250 Disabling the NIDS
- 250 Configuring checksum verification
- 251 Viewing the signature list
- 251 Viewing attack descriptions
- 252 Enabling and disabling NIDS attack signatures
- 252 Adding user-defined signatures
- 253 Downloading the user-defined signature list
- 253 Preventing attacks
- 253 Enabling NIDS attack prevention
- 254 Enabling NIDS attack prevention signatures
- 254 Setting signature threshold values
- 256 Configuring synflood signature values
- 256 Logging attacks
- 256 Logging attack messages to the attack log
- 257 Reducing the number of NIDS attack log and email messages
- 257 Automatic message reduction
- 257 Manual message reduction
- 259 Antivirus protection
- 259 General configuration steps
- 260 Antivirus scanning
- 261 File blocking
- 262 Blocking files in firewall traffic
- 262 Adding file patterns to block
- 263 Quarantine
- 263 Quarantining infected files
- 263 Quarantining blocked files
- 264 Viewing the quarantine list
- 264 Sorting the quarantine list
- 265 Filtering the quarantine list
- 265 Deleting files from quarantine
- 265 Downloading quarantined files
- 265 Configuring quarantine options
- 266 Blocking oversized files and emails
- 266 Configuring limits for oversized files and email
- 266 Exempting fragmented email from blocking
- 266 Viewing the virus list
- 267 Web filtering
- 267 General configuration steps
- 268 Content blocking
- 268 Adding words and phrases to the banned word list
- 269 URL blocking
- 269 Using the FortiGate web filter
- 269 Adding URLs or URL patterns to the block list
- 270 Clearing the URL block list
- 271 Downloading the URL block list
- 271 Uploading a URL block list
- 272 Using the Cerberian web filter
- 272 General configuration steps
- 272 Installing a Cerberian license key on the FortiGate unit
- 272 Adding a Cerberian user to the FortiGate unit
- 273 Configuring Cerberian web filter
- 273 Enabling Cerberian URL filtering
- 274 Script filtering
- 274 Enabling the script filter
- 274 Selecting script filter options
- 275 Exempt URL list
- 275 Adding URLs to the exempt URL list
- 277 Email filter
- 277 General configuration steps
- 278 Email banned word list
- 278 Adding words and phrases to the banned word list
- 279 Email block list
- 279 Adding address patterns to the email block list
- 279 Email exempt list
- 280 Adding address patterns to the email exempt list
- 280 Adding a subject tag
- 281 Logging and reporting
- 281 Recording logs
- 282 Recording logs on a remote computer
- 282 Recording logs on a NetIQ WebTrends server
- 283 Recording logs on the FortiGate hard disk
- 284 Recording logs in system memory
- 284 Filtering log messages
- 286 Configuring traffic logging
- 286 Enabling traffic logging
- 286 Enabling traffic logging for an interface
- 286 Enabling traffic logging for a VLAN subinterface
- 287 Enabling traffic logging for a firewall policy
- 287 Configuring traffic filter settings
- 288 Adding traffic filter entries
- 289 Viewing logs saved to memory
- 289 Viewing logs
- 289 Searching logs
- 290 Viewing and managing logs saved to the hard disk
- 290 Viewing logs
- 290 Searching logs
- 291 Downloading a log file to the management computer
- 291 Deleting all messages in an active log
- 292 Deleting a saved log file
- 292 Configuring alert email
- 292 Adding alert email addresses
- 293 Testing alert email
- 293 Enabling alert email
- 295 Glossary
- 299 Index