Security policy
To use SecurID in a security policy, you must include the SecurID user group in a security policy. This procedure will create a security policy that allows HTTP, FTP, and POP3 traffic from the internal interface to wan1. If these interfaces are not available on your FortiGate unit, substitute other similar interfaces.
To configure a security policy with SecurID authentication
1. Go to Policy & Objects > Policy > IPv4.
2. Select Create New.
3. Enter
Incoming Interface | internal |
Source Address | all |
Source User(s) | securIDgrp |
Outgoing Interface | wan1 |
Destination Address | all |
Schedule | always |
Services | HTTP, FTP, POP3 |
Action | ACCEPT |
NAT | On |
Shared Shaper | On, if you want to either limit traffic or guarantee minimum bandwidth for traffic that uses the SecurID security policy. Use the default shaper. |
Log Allowed Traffic | On, if you want to generate usage reports on traffic authenticated with this policy. |
4. Select OK.
The SecurID security policy is configured.
For more detail on configuring security policies, see the FortiOS Handbook FortiGate Fundamentals chapter.