Fortinet v3.0 MR7 Network Card User Manual


 
FortiOS v3.0 MR7 User Authentication User Guide
6 01-30007-0347-20080828
User’s view of authentication Introduction
User’s view of authentication
The user sees a request for authentication when they try to access a protected
resource. The way in which the request is presented to the user depends on the
method of access to that resource.
VPN authentication usually controls remote access to a private network.
Web-based user authentication
Firewall policies usually control browsing access to an external network that
provides connection to the Internet. In this case, the FortiGate unit requests
authentication through the web browser:
The user types a user name and password and then selects Continue/Login. If the
credentials are incorrect, the authentication screen is redisplayed with blank fields
so that the user can try again. When the user enters valid credentials, they get
access to the required resource. In some cases, if a user tries to authenticate
several times without success, a message appears, such as: “Too many bad login
attempts. Please try again in a few minutes.”
VPN client-based authentication
VPNs provide remote clients with access to a private network for a variety of
services that include web browsing, email, and file sharing. A client program such
as FortiClient negotiates the connection to the VPN and manages the user
authentication challenge from the FortiGate unit.
Note: After a defined period of user inactivity (the authentication timeout, defined
by the FortiGate administrator), the user access will expire. The default is 5
minutes. To access the resource, the user will have to authenticate again.