FortiAuthenticator as a RADIUS Server
Hello Team,
I need some guidance on FortiAuthenticator.
Let's assume I want to implement FortiAuthenticator as a RADIUS (and TACACS) server only, for a small group of network engineers (30 engineers) and about 3000 devices (switches and firewalls).
The second assumption is to run FortiAuthenticator as a virtual appliance. What calculation needs to be done on the number of users to match a certain type/size? For example, FAC-VM-BASE (100 users).
Thanks in advance!
Labels: FortiAuthenticator v5.5
Hello Funkylicious,
Many thanks for the calculation table.
Apologies beforehand, but I am not sure if I understand correctly. For example, FAC-VM-1000-UG would be 1000 users, and based on this I can only have roughly 333 switches/routers or firewalls running RADIUS authentication?
In the example of 5000 users, I could only have 1666 devices?
Hi, @new2fortinet,
Yes, it is. However, you can also specify devices with subnets to fit the licensing count.
Many thanks!
The issue I might run into is the price difference between FAC-VM-1000-UG and FAC-VM-10000-UG, which I most likely cannot justify for a TACACS/RADIUS server solution.
The same goes for a hardware appliance: the FAC-300F versus the FAC-800F, which is 3 times the price.
Created on ‎03-28-2023 04:27 AM Edited on ‎03-28-2023 04:27 AM
FAC is mostly used for 2FA for users via token or email, for either SSLVPN or SAML.
For large deployments where you only want to do AAA via RADIUS, like the one you described, I don't think it's best suited, financially.
Thanks for the feedback. What would you advise using as a RADIUS/TACACS server? Would FreeRADIUS be the way forward? I like the way the Fortinet GUI is set up, as that would make it more in line with the FortiGates in the field with the user experience.
Hello all,
Many thanks for your responses. I will check for another RADIUS solution to have the units in the field authenticated against userid/password and AD/LDAP.
