I consider using Fortitoken TwoFactorAuthentication for both administrative and SSL-VPN-authentication.
So far, so god. But the problem is that I as a sys-admin need both to have a administrative account and a VPN-account on the unit. There are also 5 branch offices with FortiGates where I need administrative account to.
And here is the problem; It seems like there are a one2one2one-relationship between accounts, FortiToken and mobile phone. I can only have one FortiToken on my phone and one Fortitoken cannot be assigned to both a VPN-account and a administrative account; neither on the same device or across devices.
Any good solutions or workaround here?
Solved! Go to Solution.
I recommend you take a look at new FortiToken Cloud service (FTC) available if you are running FOS 6.2 or later. It is a perfect fit for your scenario. You can try it anyway for free. (https://ftc.fortinet.com) With the current version of FTC, you can use the same token issued by FTC for all your FGT admin instances across multiple FGT devices and VPN user instances across multiple FGT devices/VDOMs as long as the username in the FGT is the same.
In an upcoming release we will allow the FTC customer to designate when the same username should be treated as a different FTC user if in multiple FGT/VDOMs. But, as I said, the current version is tailor made for what you need.
Sorry for the late answer. Thanks I'll see when I'll upgrade to 6.2.x, I'm still on 6.0.8.
Best
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.