IPsec VPNs and certificates

IPsec VPNs and certificates Certificate authentication is a more secure alternative to preshared key (shared secret) authentication for IPsec VPN peers. Unlike administrators or SSL VPN users, IPsec peers use HTTP to connect to the VPN gateway configured on the FortiGate unit. The VPN gateway configuration can require certificate authentication before it permits an IPsec […]

Certificate-based authentication

Certificate–based authentication This section provides an overview of how the FortiGate unit verifies the identities of administrators, SSL VPN users, or IPsec VPN peers using X.509 security certificates. The following topics are included in this section: What is a security certificate? Certificates overview Managing X.509 certificates Configuring certificate-based authentication Example — Generate a CSR on […]

Customizing captive portal pages

Customizing captive portal pages These pages are defined in replacement messages. Defaults are provided. In the web-based manager, you can modify the default messages in the SSID configuration by selecting Customize Portal Messages. Each SSID can have its own unique portal content. The captive portal contains the following default web pages: Login page—requests user credentials […]

Configuring a captive portal

Configuring a captive portal Captive portals are configured on network interfaces. On a physical (wired) network interface, you edit the interface configuration in System > Network > Interfaces and set Security Mode to Captive Portal. A WiFi interface does not exist until the WiFi SSID is created. You can configure a WiFi captive portal at […]

Captive portals

Captive portals A captive portal is a convenient way to authenticate web users on wired or WiFi networks. This section describes: Introduction to Captive Portals Configuring a captive portal Customizing captive portal pages   Introduction to Captive Portals You can authenticate your users on a web page that requests the user’s name and password. Until […]

Configuring authenticated access

Configuring authenticated access When you have configured authentication servers, users, and user groups, you are ready to configure security policies and certain types of VPNs to require user authentication. This section describes: Authentication timeout Password policy Authentication protocols Authentication in Captive Portals Authentication in security policies VPN authentication   Authentication timeout An important feature of […]

Managing Guest Access

Managing Guest Access Visitors to your premises might need user accounts on your network for the duration of their stay. If you are hosting a large event such as a conference, you might need to create many such temporary accounts. The FortiOS Guest Management feature is designed for this purpose. A guest user account User […]