One of my customer manage 4 pairs of Fortigate firewalls from Fortimanager. They like to introduce Fortitoken for their remote vpn users. Each pairs will have same VPN users. For easy management, customer is willing to push the users from Fortimanager and having same policy package for all 4 pairs. Administrator can create a user at Fortimanager and push that to all 4 pairs.
Question 1: If a user is created on Fortimanager and a Fortitoken is assigned to that user from Fortimanager, I am seeing an error while installing policy package to firewalls since Fortitoken bound to that user can be used on one pair only. is that correct behavior?
Question 2: If i create a user without Fortitoken assignment at Fortimanager and push the user to all 4 pairs then assign fortitoken directly from Fortigate, will it trigger a conflict on Fortimanager database since the same user with four different tokens from 4 fortigate pairs going to sync with Fortimanager database?
Thanks for the reply. I thought EMS is for Forticlient management. I couldn't find user/fortitoken settings from EMS. we have decided to go for FortiAuthenticator for user management and Fortimanager to manage the firewalls.So, Fortigates will not hold any users. Single user with a token at FAC can be used by all firewalls for admin and VPN login
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.