Fortinet v3.0 MR7 Network Card User Manual


 
Configuring authenticated access Firewall policy authentication
FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828
The FortiGate unit performs authentication only on requests to access HTTP,
HTTPS, FTP, and Telnet. Once the user is authenticated, the user can access
other services if the firewall policy permits.
4 Select the position of the DNS policy so that it precedes the policy that provides
access to the Internet.
Figure 25: Move firewall policy position selection
5 Select OK.
Configuring authenticated access to the Internet
A policy for accessing the Internet is similar to a policy for accessing a specific
network, but the destination address is set to all. The destination interface is the
one that connects to the Internet service provider. For general purpose Internet
access, the Service is set to ANY.
Access to HTTP, HTTPS, FTP and Telnet sites may require access to a domain
name service. DNS requests do not trigger authentication. You must configure a
policy to permit unauthenticated access to the appropriate DNS server, and this
policy must precede the policy for Internet access.
To configure a firewall policy for access to a DNS server - web-based manager
1 Go to Firewall > Policy.
2 Select Create New to create a new firewall policy, enter the following information,
and select OK.
Source Interface/Zone        List of source interfaces available. Select the interface to
                             which computers on your network are connected.
Source Address               List of source address names. Select all.
Destination Interface/Zone   List of destination interfaces available. Select the interface
                             that connects to the Internet.
Destination Address          List of destination address names. Select all.
Schedule                     List of available schedules. Select always.
Service                      List of available services. Select DNS.
Action                       List of available authentication result actions. Select ACCEPT.
Note: Position the DNS server in the firewall policy list according to the guidelines outlined
in “Firewall policy order”.
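
The ordering requirement above can be checked mechanically. The following Python sketch is an added example, not part of the Fortinet guide or FortiOS: it models top-down, first-match policy evaluation and reports when an unauthenticated DNS lookup would not be accepted. The policy names, the Policy fields and the drop verdict for traffic that cannot trigger a prompt are assumptions of the model; interfaces and addresses are omitted because both policies on this page use all.

```python
from dataclasses import dataclass

# Protocols that trigger an authentication prompt, as listed on this page.
AUTH_TRIGGERS = {"HTTP", "HTTPS", "FTP", "TELNET"}

@dataclass(frozen=True)
class Policy:            # hypothetical model of one firewall policy row
    name: str
    service: str         # "ANY" or one service name such as "DNS"
    requires_auth: bool

def evaluate(policies, service, authenticated):
    """Return (policy name, verdict) from the first policy that matches."""
    for p in policies:                       # list order = policy list order
        if p.service not in ("ANY", service):
            continue
        if not p.requires_auth or authenticated:
            return p.name, "accept"
        if service in AUTH_TRIGGERS:
            return p.name, "challenge"       # user is prompted to log in
        # Assumption: traffic that cannot prompt for credentials is not passed.
        return p.name, "drop"
    return None, "drop"                      # nothing matched

def audit_dns_order(policies):
    """List findings that would stop unauthenticated users resolving names."""
    name, verdict = evaluate(policies, "DNS", authenticated=False)
    if verdict == "accept":
        return []
    if name is None:
        return ["no policy permits DNS"]
    return [f"DNS is matched by authenticated policy '{name}' before any "
            "unauthenticated DNS policy; move the DNS policy above it"]

# Constructed sample policy lists (names are illustrative).
INTERNET = Policy("internet-auth", "ANY", requires_auth=True)
DNS = Policy("dns-open", "DNS", requires_auth=False)
BAD_ORDER = [INTERNET, DNS]
GOOD_ORDER = [DNS, INTERNET]

if __name__ == "__main__":
    for label, order in (("bad", BAD_ORDER), ("good", GOOD_ORDER)):
        print(label, audit_dns_order(order) or "ok")
        print("  HTTP, not logged in:", evaluate(order, "HTTP", False))
```

In both orders an HTTP request from a user who has not logged in is challenged; only the DNS verdict changes, which is why a misordered list shows up as failed name resolution before any login prompt appears.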