Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dnayak_FTNT
Staff
Staff

Created on ‎08-07-2015 03:04 AM

Article Id 189719

Technical Note: SSL VPN based on both LDAP and certificate authentication

Description
This article addresses the configuration where clients are to connect to SSL VPN using both their domain credentials and SSL user certificate.

It does not cover general SSL VPN configuration and LDAP configuration/integration in the FortiGate as it is assumed they are already in place.

Solution
Import the user certificate in the browser (IE). The user certificate will always be present in “Personnel” tab as shown below.
sinamdar_FD36844_tn_FD36844-1.jpg
Also, import user’s CA certificate in the browser.
sinamdar_FD36844_tn_FD36844-2.jpg
Import the server certificate and SSL VPN user’s CA certificate in the FortiGate.
sinamdar_FD36844_tn_FD36844-3.jpg
Enable the “require client certificate” option and specify the SSL VPN server certificate in SSL VPN settings. Under the users/groups section, specify LDAP users/groups. This will enable both LDAP and certificate authentication.
sinamdar_FD36844_tn_FD36844-4.jpg
Use the user certificate and LDAP credentials on the FortiClient as shown below:
sinamdar_FD36844_tn_FD36844-5.jpg
The client will now be able to connect to SSL VPN using both their domain credentials and their user certificate.

Related Articles

Technical Note: SSL VPN - Certificate Based Authentication

5988
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.