Adding a FortiAuthenticator unit to your network
Before setting up the FortiAuthenticator unit, there are some requirements for your network:
- You must have security policies that allow traffic between the client network and the subnet of the FortiAuthenticator.
- You must ensure that the following ports are open in the security policies between the FortiAuthenticator and authentication clients, in addition to management protocols such as HTTP, HTTPS, telnet, SSH, ping, and other protocols you may choose to allow:
  - UDP/161 (SNMP)
  - UDP/1812 (RADIUS Auth)
  - UDP/1813 (RADIUS Accounting)
  - TCP/389 (LDAP)
  - TCP/636 (LDAPS)
  - TCP/8000 (FortiGate FSSO)
  - TCP/2560 (OCSP)
  - TCP/8001 (FortiClient Single Sign-On Mobility Agent FSSO)
  - TCP/8002 (DC/TS Agent FSSO)
  - TCP/8003 (Hierarchical FSSO)
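One way to check the port requirements above against a policy before deployment. This is an added example, not part of the Fortinet documentation: the rule format, the addresses, and the names `decision` and `blocked_services` are hypothetical, and it assumes first-match rule ordering with an implicit deny and flows initiated from the client network towards the FortiAuthenticator.

```python
import ipaddress

# Ports the page requires between the FortiAuthenticator and its clients.
REQUIRED = {
    ("udp", 161): "SNMP",
    ("udp", 1812): "RADIUS Auth",
    ("udp", 1813): "RADIUS Accounting",
    ("tcp", 389): "LDAP",
    ("tcp", 636): "LDAPS",
    ("tcp", 8000): "FortiGate FSSO",
    ("tcp", 2560): "OCSP",
    ("tcp", 8001): "FortiClient Single Sign-On Mobility Agent FSSO",
    ("tcp", 8002): "DC/TS Agent FSSO",
    ("tcp", 8003): "Hierarchical FSSO",
}

# Constructed sample policy (hypothetical format, not a FortiGate export):
# ordered rules, first match wins, anything unmatched is denied.
SAMPLE_POLICY = [
    {"src": "10.1.0.0/16", "dst": "10.9.0.10/32", "proto": "udp", "ports": (1812, 1813), "action": "allow"},
    {"src": "10.1.0.0/16", "dst": "10.9.0.10/32", "proto": "tcp", "ports": (389, 389), "action": "deny"},
    {"src": "10.1.0.0/16", "dst": "10.9.0.0/24", "proto": "tcp", "ports": (1, 1024), "action": "allow"},
    {"src": "10.1.0.0/16", "dst": "10.9.0.10/32", "proto": "tcp", "ports": (8000, 8003), "action": "allow"},
]

def decision(policy, client_net, fac_ip, proto, port):
    """Return the action of the first rule covering the whole flow, else 'deny'."""
    client = ipaddress.ip_network(client_net)
    fac = ipaddress.ip_address(fac_ip)
    for rule in policy:
        lo, hi = rule["ports"]
        if (rule["proto"] == proto and lo <= port <= hi
                and client.subnet_of(ipaddress.ip_network(rule["src"]))
                and fac in ipaddress.ip_network(rule["dst"])):
            return rule["action"]
    return "deny"  # implicit deny when no rule matches

def blocked_services(policy, client_net, fac_ip):
    """List required (proto, port, service) entries the policy does not allow."""
    return [(proto, port, name) for (proto, port), name in REQUIRED.items()
            if decision(policy, client_net, fac_ip, proto, port) != "allow"]

if __name__ == "__main__":
    for proto, port, name in blocked_services(SAMPLE_POLICY, "10.1.20.0/24", "10.9.0.10"):
        print(f"blocked: {proto.upper()}/{port} ({name})")
```

With the sample policy, the explicit deny placed ahead of the broader allow blocks LDAP even though a later rule would permit it, which is the ordering mistake this kind of check is meant to surface.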
To set up FortiAuthenticator on your network:
- Log in to the GUI with the username admin and no password.
- Go to System > Network > DNS. Enter your internal network primary and secondary name server IP addresses. This is essential for successful FSSO operation. See DNS on page 31.
- Go to System > Network > Static Routing and create a default route (IP/Mask 0.0.0.0/0) to your network gateway on the interface that connects to the gateway. See Static routing on page 31.
- Go to System > Dashboard > Status.
- In the System Information widget select Change in the System Time field, then select your time zone from the list.
- Either enable the NTP or manually enter the date and time. See Configuring the system time, time zone, and date on page 27.
Enter a new time and date by either typing it manually, selecting Today or Now, or selecting the calendar or clock icons for a more visual method of setting the date and time.
- Select OK.
- If the FortiAuthenticator is connected to additional subnets, configure additional FortiAuthenticator interfaces as required. See Interfaces on page 30.
Maintenance
System maintenance tasks include:
- Backing up the configuration
- Upgrading the firmware
- Licensing
Backing up the configuration
You can back up the configuration of the FortiAuthenticator unit to your local computer. See Backing up and restoring the configuration on page 28 for more information.
Automatic system configuration backup can also be configured. See Automatic backup on page 38 for information.
Upgrading the firmware
Periodically, Fortinet issues firmware upgrades that fix known issues, add new features and functionality, and generally improve your FortiAuthenticator experience. See Firmware on page 38 for more information.
Before proceeding to upgrade your system, Fortinet recommends you back up your configuration. Please follow the procedure detailed in Backing up and restoring the configuration on page 28.
To upgrade the firmware, you must first register your FortiAuthenticator with Fortinet. See Registering your Fortinet product on page 13.
To upgrade FortiAuthenticator firmware:
- Download the latest firmware to your local computer from the Fortinet Technical Support web site, https://support.fortinet.com.
- Go to System > Administration > Firmware.
- Select .., and locate the firmware image on your local computer.
- Select OK.
When you select OK, the firmware image will upload from your local computer to the FortiAuthenticator device, which will then reboot. You will experience a short period of time during this reboot when the FortiAuthenticator device is offline and unavailable for authentication.
Licensing
FortiAuthenticator-VM works in evaluation mode until it is licensed. The license is valid only if one of the FortiAuthenticator interfaces is set to the IP address specified in the license. See Licensing on page 42 for more information.
To license FortiAuthenticator:
- Go to System > Administration > Licensing.
- Select .. and locate on your local computer the license file you received from Fortinet.
- Select OK.