Configuring authenticated access

Configuring authentication security policies

To include authentication in a security policy, the policy must specify user groups. A security policy can authenticate by certificate, FSSO, and NTLM. The two exceptions to this are RADIUS SSO and FSSO Agents. See SSO using RADIUS accounting records on page 596, and Introduction to FSSO agents on page 554.

Before creating a security policy, you need to configure one or more users or user groups. For more information, see Users and user groups on page 474.

Creating the security policy is the same as a regular security policy except you must select the action specific to your authentication method:


Authentication methods allowed for each policy Action


Action      Authentication method                                            Where authentication is used

ACCEPT    FSSO Agent or a security policy that specifies an

FSSO user group

Agent-based FSSO on page 553.

NTLM                                                                             See NTLM authentication on page 508.

Certificates                                                                     See Configuring certificate-based authen- tication on page 534.

RADIUS SSO                                                                 See SSO using RADIUS accounting records on page 596.

DENY        none                                                                               none




A WiFi or SSL captive portal can include a disclaimer message presented after the user authenticates. The user must agree to the terms of the disclaimer to access network resources.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.