Security policy
To use SecurID in a security policy, you must include the SecurID user group in an identity-based security policy. This procedure will create a security policy that allows HTTP, FTP, and POP3 traffic from the internal interface to wan1. If these interfaces are not available on your FortiGate unit, substitute other similar interfaces.
To configure a security policy with SecurID authentication
1. Go to Policy > Policy > Policy.
2. Select Create New.
3. In Policy Subtype, select User Identity.
4. Enter the following information:
   Incoming Interface: internal
   Source Address: all
   Outgoing Interface: wan1
   Enable NAT: Selected
5. In Configure Authentication Rules, select Create New.
6. Enter the following information:
   Destination Address: all
   Group(s): securIDgrp
   Schedule: always
   Services: HTTP, FTP, POP3
   Action: ACCEPT
7. To generate usage reports on traffic authenticated with this policy, enable Log Allowed Traffic.
8. To either limit traffic or guarantee minimum bandwidth for traffic that uses the SecurID security policy, enable Traffic Shaping and Shared Traffic Shaper, and then select one of the default shapers from the list, such as guarantee-100kbps.
9. Select OK.
You are returned to the security policy creation page, with the information you just entered in the Configure Authentication Rules table.
10. Optionally, you can modify any challenge pages or logon pages users will see. Select Customize Authentication Messages and select the Edit icon that appears.
11. Select OK.
The SecurID security policy is configured.
For more detail on configuring security policies, see the FortiOS Handbook FortiGate Fundamentals chapter.
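The same policy expressed in the CLI, as an added example that is not part of the original handbook page. It assumes the FortiOS 5.0 identity-based policy syntax, in which the authentication rule (group, schedule, services, destination) lives in the identity-based-policy sub-table. The optional logging, traffic shaping and message customization steps are left out.

```fortios
# Added example: CLI equivalent of steps 1-6 and 9 above.
# Assumption: FortiOS 5.0 syntax; confirm on your unit with
# "show firewall policy" after creating the policy in the web-based manager.
config firewall policy
    # "edit 0" creates the policy with the next free policy ID
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set action accept
        # Policy Subtype: User Identity
        set identity-based enable
        set nat enable
        # One authentication rule, matching the Configure Authentication Rules table
        config identity-based-policy
            edit 1
                set schedule "always"
                # Only members of the SecurID user group are allowed through
                set groups "securIDgrp"
                set dstaddr "all"
                set service "HTTP" "FTP" "POP3"
            next
        end
    next
end
```

Because the only rule names securIDgrp and the services HTTP, FTP and POP3, users who are not in that group, or traffic for any other service, get no match from this policy.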