rcaushi_ftnt
Staff & Editor
Article Id 333249
Description

This article describes key information about FortiToken-300/310.

Scope

Understanding FortiToken-300/310 and their deployment context.

Solution

FortiToken-300/310 is a USB device that essentially serves as a portable personal certificate store, and is physically connected to the user's computer for client certificate-based identification/authentication.

The device cannot be registered with the firewall or linked/attached to a specific user the way other token models can.

 

Important Note:

Each FortiToken-300/310 owner is expected to have a unique non-exportable certificate to provide its identity. 

 

Download the necessary software and guidelines to prepare for customizing these tokens to secure the infrastructure. 

  1. Log in to the website at Fortinet Support Link.
  2. Select FortiToken from the drop-down menu. Go to the Download section -> /FortiToken/FortiToken300_310/Windows. The following files should be present:
     • FortiToken_ManagerAdmin.exe
     • FortiToken-FTK300_310-Setup_x64.msi
  3. Select FortiToken from the drop-down menu. Go to the Download section -> /FortiToken/FortiToken300_310/Windows. The following files should be present:
     • FortiToken 300_310 TokenManager - Admin Version-1.2-Administrator Guide.pdf
     • FortiToken 300_310 TokenManager-1.15-User Guide.pdf

 

The PKI certificate can be attached to a policy as a second layer of authentication.

 

client(FTK310_certificate)---------[FGT---PolicyX(userme+PKI_Cert)]----------------------[Secure_Segment]

 

Below is an example of the process of trust relationship configuration on FortiGate.

 

Applicable Scenario A: Technical Tip: PKI peer user creation for certificate authentication.

Applicable Scenario B: Technical Tip: Using Certificates to authenticate users in SSL VPN.

 

Once the FortiToken-300/310 is plugged into the PC, the FTK310_certificate (identity) is added to the 'Personal' certificate store, where it is presented for authentication and verified by the PKI peer configured on FortiGate. This guarantees that upon reaching a secure resource, the appropriate policy is matched.
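
The PKI peer side of this trust relationship, as an added FortiOS CLI sketch that is not taken from this article or the linked tips. It contrasts a peer that trusts any certificate from the CA with one pinned to a single token holder. The CA object name CA_Cert_1, the peer and group names, and the subject CN=userme (borrowed from the diagram above) are assumptions.

```text
# Added illustration; object names are placeholders, not values from the article.
# Assumes the issuing CA certificate is already imported on FortiGate as "CA_Cert_1".

# Loose peer: no subject is set, so any certificate issued by CA_Cert_1
# matches it. Every token holder looks the same to the policy.
config user peer
    edit "ftk-any-holder"
        set ca "CA_Cert_1"
    next
end

# Pinned peer: the certificate must chain to CA_Cert_1 AND carry the
# expected subject, so one token certificate maps to one identity.
config user peer
    edit "ftk310-userme"
        set ca "CA_Cert_1"
        set subject "CN=userme"
    next
end

# Group that the policy or SSL VPN configuration references.
# Only the pinned peer is a member.
config user group
    edit "PKI_Group"
        set member "ftk310-userme"
    next
end
```

Because each FortiToken-300/310 owner is expected to hold a unique certificate, one pinned peer per owner keeps a lost or revoked token from being interchangeable with any other certificate issued by the same CA.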

 

Related article:

How to configure FortiClient to use FortiToken 300 for certificate authentication.