System Admin
Administrators
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
3. Enter the Name of the PKI user.
4. For Subject, enter the text string that appears in the subject field of the certificate of the authenticating user.
5. Select the CA certificate used to authenticate this user.
6. Select OK.
To create the user group (PKI)
1. Go to User > User Group.
2. Select Create New, or select the Edit icon beside an existing user group.
3. Enter the Name that identifies the user group.
4. For Type, enter Firewall.
5. In the Available Users/Groups list, select the PKI user name and move it to the Members list.
6. Select OK.
To configure an administrator to authenticate with a PKI certificate
1. Go to System > Admin.
2. Select Create New, or select the Edit icon beside an existing administrator.
3. Enter or select the following:
4. Configure additional features as required. For more information, see administrator account” on page 212.
5. Select OK.
Using trusted hosts
Setting trusted hosts for all of your administrators increases the security of your network
by further restricting administrative access. In addition to knowing the password, an
administrator must connect only through the subnet or subnets you specify. You can even
restrict an administrator to a single IP address if you define only one trusted host IP
address with a netmask of 255.255.255.255.
When you set trusted hosts for all administrators, the FortiGate unit does not respond to
administrative access attempts from any other hosts. This provides the highest security. If
you leave even one administrator unrestricted, the unit accepts administrative access
attempts on any interface that has administrative access enabled, potentially exposing the
unit to attempts to gain unauthorized access.
The trusted hosts you define apply both to the web-based manager and to the CLI when
accessed through Telnet or SSH. CLI access through the console connector is not
affected.
The trusted host addresses all default to 0.0.0.0/0.0.0.0. If you set one of the
0.0.0.0/0.0.0.0 addresses to a non-zero address, the other 0.0.0.0/0.0.0.0 will be ignored.
The only way to use a wildcard entry is to leave the trusted hosts at 0.0.0.0/0.0.0.0.
However, this configuration is less secure.
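
The rule above (one unrestricted administrator reopens administrative access from any host) can be checked against a configuration backup. The following is an added example, not part of the original guide or Fortinet's own tooling; it assumes the backup contains a `config system admin` section with `set trusthostN <address> <netmask>` lines, and the sample configuration and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a "config system admin" backup section (not real data).
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set trusthost1 192.168.1.0 255.255.255.0
        set trusthost2 10.0.0.5 255.255.255.255
    next
    edit "backup-admin"
        set accprofile "super_admin"
    next
    edit "noc"
        set trusthost1 0.0.0.0 0.0.0.0
    next
end
"""

EDIT = re.compile(r'edit\s+"?([^"\s]+)"?')
TRUSTHOST = re.compile(r"set\s+trusthost\d+\s+(\S+)\s+(\S+)")


def parse_admin_trusted_hosts(config_text):
    """Map each administrator to the non-wildcard trusted networks set for it."""
    admins, current, depth = {}, None, 0
    for line in (raw.strip() for raw in config_text.splitlines()):
        if depth == 0:  # outside the section: wait for its opening line
            depth = 1 if line == "config system admin" else 0
        elif line.startswith("config "):  # nested sub-table inside an admin entry
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := EDIT.fullmatch(line)):
            current = m.group(1)
            admins[current] = []
        elif depth == 1 and current and (m := TRUSTHOST.fullmatch(line)):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if net.prefixlen > 0:  # 0.0.0.0/0.0.0.0 is the unrestricted default
                admins[current].append(net)
    return admins


def unrestricted_admins(config_text):
    """Administrators reachable from any address (no non-zero trusted host)."""
    hosts = parse_admin_trusted_hosts(config_text)
    return sorted(name for name, nets in hosts.items() if not nets)


if __name__ == "__main__":
    for name in unrestricted_admins(SAMPLE_CONFIG):
        print(f"no trusted host restriction: {name}")
```

An administrator with no trusted host lines at all is reported as unrestricted, because the guide states that the addresses default to 0.0.0.0/0.0.0.0.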
Administrator: A name that identifies the administrator.
Type: PKI.
User Group: The user group that includes the PKI user as a member.
Admin Profile: The admin profile to apply to the administrator.