Hi
One of my customers manages 4 pairs of FortiGate firewalls from FortiManager. They would like to introduce FortiToken for their remote VPN users. Each pair will have the same VPN users. For easy management, the customer is willing to push the users from FortiManager and have the same policy package for all 4 pairs. The administrator can create a user on FortiManager and push it to all 4 pairs.
Question 1: If a user is created on FortiManager and a FortiToken is assigned to that user from FortiManager, I am seeing an error while installing the policy package to the firewalls, since the FortiToken bound to that user can be used on one pair only. Is that the correct behavior?
Question 2: If I create a user without a FortiToken assignment on FortiManager, push the user to all 4 pairs, and then assign a FortiToken directly from each FortiGate, will it trigger a conflict in the FortiManager database, since the same user with four different tokens from the 4 FortiGate pairs is going to sync with the FortiManager database?
Thanks
What you are seeing is expected. When using tokens installed directly on FortiGates, they are locally significant.
Your customer would need to:
1) Use FortiClient EMS with remote user accounts. That way a single user can have a single token associated with them, and use that token across any number of FortiGates.
2) Use differently named user accounts, each with their own token (one for each firewall). And use unique policy packages on each firewall, referencing the unique user/groups accordingly.
3) Not use FortiManager to manage those FortiGate firewalls.
Hi
Thanks for the reply. I thought EMS is for FortiClient management. I couldn't find user/FortiToken settings in EMS. We have decided to go for FortiAuthenticator for user management and FortiManager to manage the firewalls. So, the FortiGates will not hold any users. A single user with a token at FAC can be used by all firewalls for admin and VPN login.
Thanks
Typo on my part. I did mean FortiAuthenticator for remote token management.
Copyright 2024 Fortinet, Inc. All Rights Reserved.