Does anyone know if one FortiToken Mobile app with two or more FortiGates for SSL VPN is possible? I mean WITHOUT FortiAuthenticator.
We have multiple SSL VPN entry points in our nation-wide network. But now we want to use FortiToken Mobile. The gotcha is we don't have FortiAuthenticator for remote authentication. So we need to buy multiple tokens for all FortiGates. But I'm not sure if this even works with one smartphone per user.
Toshi
I just wanted to update what kind of answers I got through Reddit when I posted the same question there. I hope this is not violating the policy of this forum.
The direct answer to my question was "Yes, one app can handle multiple tokens from multiple FortiGates". One guy even shared with me his app's screenshot for two FGTs. And further, another guy recommended FortiToken Cloud, which seems to accommodate multiple FortiGates for the same token, which might be ideal for us. I need to learn how each option would work, including with FortiAuthenticator.
I'm not sure if we have any guide for how the whole sequence works, at least on the docs page.
We do have a configuration example with two-factor authentication (SMS token, but the process for FTK is much the same): https://docs.fortinet.com/document/fortiauthenticator/6.4.0/cookbook/451567/sms-two-factor-authentic...
However, this is with a local user created on FortiAuthenticator, not a user that is on LDAP.
Here is a section on remote authentication servers in FortiAuthenticator (tie-in with remote LDAP/RADIUS):
https://docs.fortinet.com/document/fortiauthenticator/6.0.0/administration-guide/641286/remote-authe...
The study guide for NSE 6 FortiAuthenticator does cover what I discussed above as well, but doesn't provide a simple step-by-step example of what a setup would look like. That is part of the labs in instructor-led FortiAuthenticator training, I believe.
If your questions are about RADIUS protocol in general, the study guide contains a small section on how RADIUS works, but it doesn't go into great depth and presumes at least a bit of familiarity with the protocol.
As for a diagram - a crude one, but I hope it helps you visualize what's going on:
Communication between FAC and FGT is RADIUS, and between FAC and the remote auth server it could be RADIUS, LDAP, etc.
For those remote servers, they would see FAC as client, not FortiGate.
For FortiGate, it would only have the one RADIUS server to speak to.
This diagram is exactly what I was looking for. Thanks again.