FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
Nivedha
Staff
Article Id 331790
Description This article describes the process flow when FortiAuthenticator is configured as a RADIUS Server and FortiToken push notification is enabled for SSL VPN users.
Scope FortiAuthenticator All models.
Solution

FortiAuthenticator can be configured as a RADIUS server for SSL VPN users as described in the following document: SSL VPN with RADIUS on FortiAuthenticator.

Operational flow details are explained in Technical Tip: FortiToken Push on FortiAuthenticator: operation flow and details.

The diagram below explains the flow for the SSL VPN client.

Note: The following prerequisites are required for the flow to work:

 

  1. The Remote Client should have internet access and have connectivity to FortiGate (SSL VPN server).
  2. FortiGate is added as the RADIUS Client on FortiAuthenticator and FortiAuthenticator as the RADIUS Server on FortiGate.
  3. FortiAuthenticator can reach the DC (LDAP server) and LDAP users are imported and assigned a token.
  4. FortiAuthenticator can reach push.fortinet.com.
  5. FortiToken assigned to the user is activated either by scanning the QR code provided to the user or by adding the invite code to the FortiToken Mobile app.

    [Diagram: SSL VPN client flow with FortiAuthenticator as RADIUS server and FortiToken Mobile push]