Security policy

To use SecurID in a security policy, you must include the SecurID user group in a security policy. This procedure will create a security policy that allows HTTP, FTP, and POP3 traffic from the internal interface to wan1. If these interfaces are not available on your FortiGate unit, substitute other similar interfaces.

To configure a security policy with SecurID authentication

1. Go to Policy & Objects > Policy > IPv4.

2. Select Create New.

3. Enter:

Incoming Interface                   internal

Source Address                        all

Source User(s)                          securIDgrp

Outgoing Interface                   wan1

Destination Address                 all

Schedule                                    always

Services                                     HTTP, FTP, POP3

Action                                         ACCEPT

NAT                                             On

Shared Shaper                           On, if you want to either limit traffic or guarantee minimum bandwidth for traffic that uses the SecurID security policy. Use the default shaper guar– antee-100kbps.

Log Allowed Traffic                  On, if you want to generate usage reports on traffic authenticated with this policy.

4. Select OK.

The SecurID security policy is configured.

For more detail on configuring security policies, see the FortiOS Handbook FortiGate Fundamentals guide.