RADIUS
User
FortiGate Version 4.0 Administration Guide
574
01-400-89802-20090424
For the FortiGate unit to dynamically assign an IP address, the VPN users must be
configured for RADIUS authentication and you must include the IP address to assign to
the user in the Framed-IP-Address RADIUS field. You configure each type of VPN
differently. In each case you are associating the VPN configuration that assigns IP
addresses to users with a user group.
Assigning IP addresses in this way does not replace assigning IP addresses from a
configured IP address range. In fact, you can configure an IP address range as well as
enable assigning IP addresses from a RADIUS server. If you use both methods, the
FortiGate unit attempts to assign the IP address from the RADIUS record first.
SSL VPN tunnel mode
For SSL VPN, you implement this feature by adding the Tunnel Mode widget to the SSL
VPN portal configuration. Go to
VPN > SSL > Portal
to configure SSL VPN portals. In the
Tunnel Mode configuration, set
IP Mode
to
User Group
.
Figure 378: Using RADIUS records to assign IP addresses for SSL VPN Tunnel Mode
For more information, see
“Tunnel Mode widget” on page 564
.
IPSec VPN DHCP server
You can dynamically assign IP addresses to IPSec VPN clients using RADIUS records by
configuring the IPSec DHCP server. In the IPSec DHCP server configuration you set
ip-mode
to
usrgrp
:
config system dhcp server
edit dhcp_server
set server-type ipsec
set ip-mode usrgrp
...
end
PPTP VPN
You can dynamically assign IP addresses to PPTP VPN clients using RADIUS records by
configuring the PPTP VPN to use the user group for getting IP addresses:
config vpn pptp
set status enable
set ip-mode usrgrp
...
end
Содержание Gate 60D
Страница 678: ...Reports Log Report FortiGate Version 4 0 Administration Guide 678 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 704: ...Index FortiGate Version 4 0 Administration Guide 704 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 705: ...www fortinet com...
Страница 706: ...www fortinet com...