Set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1" It is possible to use any Certificate Authority to sign the user’s certificate, provided that FortiGate trusts that CA.įor FortiGate to trust that CA, it should be either imported into the FortiGate, or it should be a well-known CA present in the FortiGate’s factory certificate bundle. The 'CA_Cert_1' is the CA Certificate of the CA who signed the certificate for the user.Īfter the CA certificate is imported into the FortiGate then it will show up under the # set ca, command. It is also possible to use, set cnid=“sAMAccountName". SSL-VPN Authentication using User Certificates as 1 st Factor and LDAP Username and Password as 2 nd Factor. This feature is implemented in 6.2.2 and 6.4.0 onwards. SSL VPN with LDAP-integrated certificate authentication.īut the following document covers how to use Username and Password as a 2nd factor which is configured on the remote authentication servers like LDAP/Radius along with User Certificates and User Certificate being the 1st factor. SSL-VPN Authentication with User Certificates 'ONLY' is given in the following document: This article describes SSL-VPN Authentication using User Certificates as 1st Factor and LDAP/Radius for Username and Password as 2nd factor of authentication.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |