Configuring authentication security policies
To include authentication in a security policy, the policy must specify user groups. A security policy can authenticate by certificate, FSSO, and NTLM. The two exceptions to this are RADIUS SSO and FSSO Agents. See SSO using RADIUS accounting records on page 596, and Introduction to FSSO agents on page 554.
Before creating a security policy, you need to configure one or more users or user groups. For more information, see Users and user groups on page 474.
Creating the security policy is the same as a regular security policy except you must select the action specific to your authentication method:
Authentication methods allowed for each policy Action
Action Authentication method Where authentication is used
ACCEPT FSSO Agent or a security policy that specifies an
FSSO user group
Agent-based FSSO on page 553.
NTLM See NTLM authentication on page 508.
Certificates See Configuring certificate-based authen- tication on page 534.
RADIUS SSO See SSO using RADIUS accounting records on page 596.
DENY none none
Disclaimer
A WiFi or SSL captive portal can include a disclaimer message presented after the user authenticates. The user must agree to the terms of the disclaimer to access network resources.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!