Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tanr
Valued Contributor II

Anyone upgraded to FortiAuthenticator 4.2.0?

Has anyone upgraded to FortiAuthenticator 4.2.0?

 

If so, how has it been working?

 

Also, anybody using it with the (beta) FortiAnalyzer 5.4.2 which is supposed to handle the FAC 4.2.0 native logs now?  If so, are the new log formats working well, useful, etc.?

5 REPLIES 5
tanr
Valued Contributor II

Checking again -- anybody using FortiAuthenticator 4.2.0?

ergotherego

We've been running 4.2.0 since right when it came out w/o any issues. We use FAC as the RADIUS server for FGT clients using FortiToken 2FA, authenticating users against a Windows NPS (RADIUS) server.

 

The multiple domain support for 4.2.0 is very nice. Nothing in the release notes for 4.2.1 are interesting to me though, FWIW.

jimsokol
New Contributor III

I am using FAC 4.2.1 and FAZ 5.4.2. Although they say support the FAC on FAZ, and I was able to add the units I have from the unregistered device list in FAZ, I cannot seem to locate them anywhere in the GUI. I presently have a support ticket open for that.

tanr
Valued Contributor II

I was able to add the FAC to the FAZ and can now see it and its logs in the FAZ, under the FortiAuthenticator VDOM.

I'm running FAC 4.2.1 and FAZ 5.4.2 as well.  I haven't done much with it, but it seems to be working.

 

Some questions:

1. Did you add the FortiAuthenticator to the FortiAuthenticator VDOM on the FAZ?

2. Did you (or do you still) have the FortiAuthenticator also sending SysLog data to the FAZ?  And on the other side, do you have the FAZ with the FAC still in its syslog list?  I had trouble with this setup till I removed the FAC to FAZ syslog setup.  After I did that, I the FAC device from the FAZ FortiAuthenticator VDOM, then re-added it and everything was fine.

3. If (1) is yes, and you've turned off syslog and reconnected as in (2), what do you see if you go to the FortiAuthenticator VDOM?  Does the "Log Browse" section show you a log you can open up?  Is there anything under Event?  You may need to set the time frame and hit Go again to get something.

jimsokol
New Contributor III

tanr,

   I didn't realize we needed to be using adoms, so I turned it on and am all set. Not sending syslogs. Thanks for the info.

 

 

Labels
Top Kudoed Authors