Authentication servers

RADIUS Client Settings

Accounting           Leave unselected
Client Status        Leave unselected

To configure the FortiGate unit as an Agent Host on the RSA ACE/Server

1. On the RSA ACE/Server computer, go to Start > Programs > RSA ACE/Server, and then Database Administration – Host Mode.

2. On the Agent Host menu, select Add Agent Host.

3. Enter and save the following information.

Name                 FortiGate
Network Address      192.168.100.3 (the IP address of the FortiGate unit)
Secondary Nodes      Optionally enter other IP addresses that resolve to the FortiGate unit. If needed, refer to the RSA ACE/Server documentation for more information.

To configure the FortiGate unit to use the RADIUS server

1. Go to User & Device > Authentication > RADIUS Servers and select Create New.

2. Enter the following information, and select OK.

Name                        RSA
Primary Server IP/Name      192.168.100.102 (optionally select Test to confirm the address is correct and the FortiGate can reach the RADIUS server)
Primary Server Secret       fortinet123
Authentication Scheme       Select Use Default Authentication Scheme.

The secret must match the shared secret configured for the FortiGate in the RSA ACE/Server RADIUS client settings. fortinet123 is only the example's placeholder: RADIUS uses this shared secret to obfuscate the User-Password attribute and to authenticate server replies, so use a long random value in production.

To create a SecurID user group

1. Go to User & Device > User > User Groups, and select Create New.

2. Enter the following information.

Name                 RSA_group
Type                 Firewall

3. In Remote Groups, select Add, then select the RSA server.

4. Select OK.

To create a SecurID user

1. Go to User & Device > User > User Definition, and select Create New.

2. Use the wizard to enter the following information, and then select Create.

User Type            Remote RADIUS User
User Name            wloman
RADIUS Server        RSA
Contact Info         (optional) Enter Email or SMS information
User Group           RSA_group

To test this configuration, on your FortiGate unit use the CLI command:

diagnose test authserver radius RSA auto wloman 111111111

Replace the series of 1s with the passcode your RSA SecurID token generates (for a standard token, the PIN followed by the tokencode currently displayed). The command reports whether the RADIUS server accepted or rejected the user; a rejection at this stage points to the RADIUS server object, the shared secret or the Agent Host record, and should be resolved before any policy or VPN that relies on the group is built.
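The same three FortiGate procedures, as an added CLI example rather than text from the FortiOS 5.4 Handbook. It uses the names and addresses from the page; the `#` comment lines, the ordering (the user is created before the group so the group can reference it) and the fnbamd debug commands at the end are this editor's additions, and fortinet123 and 111111111 remain the page's placeholders.

```fortios
# Added example: CLI equivalent of the GUI steps above (not handbook text).
# Assumes the RADIUS server listens on the default UDP port 1812.

# 1. RADIUS server object (GUI: User & Device > Authentication > RADIUS Servers)
config user radius
    edit "RSA"
        set server "192.168.100.102"
        set secret fortinet123          # placeholder; use a long random secret
        set auth-type auto              # "Use Default Authentication Scheme"
    next
end

# 2. Remote RADIUS user bound to that server (GUI: User Definition wizard)
config user local
    edit "wloman"
        set type radius
        set radius-server "RSA"
    next
end

# 3. Firewall group with the RADIUS server as a remote group and the user as a member
config user group
    edit "RSA_group"
        set group-type firewall
        set member "RSA" "wloman"
    next
end

# 4. Check: authenticate wloman against RSA with the passcode shown on the token
diagnose test authserver radius RSA auto wloman 111111111

# If the test fails, trace the authentication daemon while repeating it
diagnose debug application fnbamd -1
diagnose debug enable
#   ... run the diagnose test authserver command again, then stop tracing:
diagnose debug disable
diagnose debug reset
```

When the configuration is displayed afterwards (`show user radius`), the secret appears as an encrypted `ENC` string rather than in clear text, so keep the original value with the RSA ACE/Server side; it cannot be read back from the FortiGate.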

 

Using the SecurID user group for authentication

You can use the SecurID user group in several FortiOS features that authenticate by user group, including

  • Security policy
  • IPsec VPN XAuth
  • PPTP VPN
  • SSL VPN

The following sections assume the SecurID user group is called securIDgrp (the group created above is named RSA_group; substitute whichever name you used) and has already been configured. Unless otherwise stated, default values are used.

This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
