
Remote User Authentication

Module Objectives
By the end of this module participants will be able to:
- Describe the methods available for authenticating users that are contained in databases external to the FortiGate unit
- Configure LDAP authentication

Remote User Authentication
[Diagram: remote users authenticate through the FortiGate unit against LDAP, Directory Services, TACACS+, RADIUS or digital certificates]
- The information used to authenticate users is stored on a remote server
- The FortiGate unit sends the user's credentials to the remote server for validation
- Best for situations where multiple FortiGate units need to authenticate the same users

Remote User Authentication
- The FortiGate unit must be configured to access the external servers used to authenticate the users
- Administrators can create an account for the user locally and specify the server to verify the password, or
- Administrators can add the authentication server to a user group; all users in that server become members of the group

RADIUS Authentication
[Diagram: user "Kelly Miller" presents password "#p57ds%"; the FortiGate unit forwards the credentials to the RADIUS server, which returns the verdict]
- The FortiGate unit sends the user name and password to the RADIUS server for verification
- A RADIUS server can be added as a user group; all members will be able to authenticate

RADIUS Authentication
- The IP address of the primary and secondary RADIUS servers along with their secret key must be identified on the FortiGate unit
- A Fortinet Vendor-Specific Attributes (VSA) dictionary is provided to identify the RADIUS attributes used by the FortiGate unit
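The two slides above describe the exchange without showing what the shared secret actually does on the wire. The following Python script is an added example, not code from the slides or from Fortinet: it builds an RFC 2865 Access-Request the way a NAS (the FortiGate unit's role) does, hides the User-Password with the shared secret and Request Authenticator, answers it with an in-process toy RADIUS server, and has the NAS verify the Response Authenticator before trusting the Accept or Reject. The user name, password and secret are constructed sample values taken from the slide; the server's password table is constructed too.

```python
"""RADIUS Access-Request / Access-Accept exchange (RFC 2865), added example."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2


def _attr(atype, value):
    """Encode one Type-Length-Value attribute (Length covers the 2 header octets)."""
    return bytes([atype, len(value) + 2]) + value


def _header(code, ident, attrs):
    return struct.pack("!BBH", code, ident, 20 + len(attrs))


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-octet block of the NUL-padded password with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")
    hidden, prev = b"", request_auth
    for i in range(0, size, 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        hidden += prev
    return hidden


def reveal_password(hidden, secret, request_auth):
    """Server side: reverse the XOR chain and strip the NUL padding."""
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        plain += bytes(c ^ b for c, b in zip(prev, block))
    return plain.rstrip(b"\x00")


def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(_header(code, ident, attrs) + request_auth + attrs + secret).digest()


def parse_attrs(body):
    """Walk the TLV list; reject truncated or zero-length attributes."""
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return attrs


def build_access_request(username, password, secret, ident, request_auth):
    """What the NAS (here the FortiGate unit) sends to the RADIUS server."""
    attrs = _attr(USER_NAME, username) + _attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    return _header(ACCESS_REQUEST, ident, attrs) + request_auth + attrs


def radius_server(packet, secret, user_db):
    """Toy server: validate framing, recover the password, answer Accept or Reject.
    user_db maps user name -> password (constructed sample data; a real server
    checks against its own credential store)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    request_auth = packet[4:20]
    attrs = parse_attrs(packet[20:])
    user = attrs.get(USER_NAME, b"")
    password = reveal_password(attrs.get(USER_PASSWORD, b""), secret, request_auth)
    ok = user in user_db and hmac.compare_digest(password, user_db[user])
    rcode = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return _header(rcode, ident, b"") + response_authenticator(rcode, ident, request_auth, b"", secret)


def check_response(response, request_auth, secret):
    """NAS side: accept the verdict only if the Response Authenticator proves the
    reply came from a server holding the shared secret and matches our request."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    expected = response_authenticator(code, ident, request_auth, response[20:length], secret)
    if not hmac.compare_digest(expected, response[4:20]):
        raise ValueError("Response Authenticator mismatch")
    return code == ACCESS_ACCEPT


def authenticate(username, password, nas_secret, user_db, server_secret=None, ident=1):
    """Run one full exchange in-process; server_secret defaults to the NAS secret."""
    request_auth = os.urandom(16)
    request = build_access_request(username, password, nas_secret, ident, request_auth)
    response = radius_server(request, server_secret or nas_secret, user_db)
    return check_response(response, request_auth, nas_secret)


USERS = {b"Kelly Miller": b"#p57ds%"}  # constructed sample account from the slide

if __name__ == "__main__":
    print(authenticate(b"Kelly Miller", b"#p57ds%", b"shared-secret", USERS))  # True
```

Two things worth noticing when running it: a reply produced with a different secret is rejected by `check_response` rather than being read as a Reject, which is why the secret on the FortiGate unit and on the server must match exactly; and the User-Password hiding is MD5-based obfuscation keyed on the shared secret, not encryption, so the path between the FortiGate unit and the RADIUS server still deserves a protected network segment or an encrypted transport.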

RADIUS and SecurID Authentication
[Diagram: the FortiGate unit queries the RADIUS server, which in turn consults the RSA ACE/Server]
- A RADIUS server and an RSA ACE/Server can be configured to work together to verify the password displayed on the SecurID token
- The FortiGate unit must be configured to access the RADIUS server, in addition to being configured as an Agent Host in the RSA ACE/Server
- A user group for the SecurID users must be created on the FortiGate unit

Dynamic Profiles
- Customer identifying information can be stored in the RADIUS server
- When a user authenticates using RADIUS, the FortiGate unit can use a dynamic profile to extract the customer information and process traffic according to the dynamic profile firewall policy
- A RADIUS Start record is sent to the FortiGate device
- Allows different groups of users to have different levels of access, for example parental controls

Dynamic Profiles
[Diagram: user "Kelly Miller" with password "#p57ds%" connects through the FortiGate unit, which consults the RADIUS server]
1. Customer requests a connection and is forced to authenticate
2. The RADIUS server identifies the customer
3. The RADIUS server sends a RADIUS Start record to the FortiGate unit
4. The FortiGate unit applies the dynamic profile firewall policy using information from the RADIUS server
5. The customer session is filtered by the profile group

Dynamic Profiles
- On the RADIUS server, add a profile group name field to customer accounts that will be using dynamic profiles
- This name will be added to the RADIUS Start record sent by the server
- Configure the RADIUS server to send the Start record to the FortiGate unit

Dynamic Profiles
To use dynamic profiles:
1. Configure the RADIUS server for dynamic profiles
2. Configure an optional UTM profile group
3. Configure a dynamic profile firewall policy
4. Identify the profile group or select All Dynamic Profile Users
Only one firewall policy can be configured for dynamic profiles in a VDOM
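The dynamic-profile slides say the RADIUS server sends a Start record carrying the profile group name and that the FortiGate unit acts on it, but not what that record looks like or why the secret matters for it. The Python script below is an added example, not Fortinet's code: it builds an RFC 2866 Accounting-Request with Acct-Status-Type = Start, User-Name, Framed-IP-Address and a Vendor-Specific attribute carrying the group name, then parses it the way a receiver in the FortiGate unit's position should, checking the Request Authenticator before using any field. The vendor id 12356 and vendor type 1 are assumed to be Fortinet's enterprise number and its group-name VSA; the Fortinet VSA dictionary mentioned on the slide is the authoritative source for the real numbers. The user, address and group values are constructed sample data.

```python
"""RADIUS Accounting Start record carrying a profile-group VSA (RFC 2866), added example."""
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4
USER_NAME, FRAMED_IP_ADDRESS, VENDOR_SPECIFIC, ACCT_STATUS_TYPE = 1, 8, 26, 40
ACCT_START = 1
# Assumed values: Fortinet's IANA enterprise number and its group-name VSA type.
FORTINET_VENDOR_ID = 12356
FORTINET_GROUP_NAME = 1


def _attr(atype, value):
    """Encode one Type-Length-Value attribute (Length covers the 2 header octets)."""
    return bytes([atype, len(value) + 2]) + value


def vsa(vendor_id, vendor_type, value):
    """RFC 2865 5.26 Vendor-Specific: 4-octet vendor id, then vendor TLVs."""
    inner = struct.pack("!I", vendor_id) + bytes([vendor_type, len(value) + 2]) + value
    return _attr(VENDOR_SPECIFIC, inner)


def build_acct_start(secret, ident, username, framed_ip, group):
    """Server side. RFC 2866 3: the Request Authenticator of an Accounting-Request is
    MD5(Code + ID + Length + 16 zero octets + Attributes + Secret)."""
    attrs = (_attr(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_START))
             + _attr(USER_NAME, username.encode())
             + _attr(FRAMED_IP_ADDRESS, bytes(int(o) for o in framed_ip.split(".")))
             + vsa(FORTINET_VENDOR_ID, FORTINET_GROUP_NAME, group.encode()))
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def _tlvs(body):
    """Yield (type, value) pairs; reject truncated or zero-length entries."""
    i = 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        yield body[i], body[i + 2:i + body[i + 1]]
        i += body[i + 1]


def parse_acct_start(packet, secret):
    """Receiver side (the FortiGate unit's role): verify the authenticator before
    trusting any field, then extract user, address and the profile group."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Request Authenticator mismatch: not from a server holding the secret")
    info = {"user": None, "ip": None, "group": None}
    status = None
    for atype, value in _tlvs(packet[20:]):
        if atype == ACCT_STATUS_TYPE and len(value) == 4:
            status = struct.unpack("!I", value)[0]
        elif atype == USER_NAME:
            info["user"] = value.decode()
        elif atype == FRAMED_IP_ADDRESS and len(value) == 4:
            info["ip"] = ".".join(str(o) for o in value)
        elif atype == VENDOR_SPECIFIC and len(value) > 4 and struct.unpack("!I", value[:4])[0] == FORTINET_VENDOR_ID:
            for vtype, vvalue in _tlvs(value[4:]):
                if vtype == FORTINET_GROUP_NAME:
                    info["group"] = vvalue.decode()
    if status != ACCT_START:
        raise ValueError("not a Start record")
    return info


if __name__ == "__main__":
    pkt = build_acct_start(b"acct-secret", 7, "Kelly Miller", "10.1.2.3", "parental-controls")
    print(parse_acct_start(pkt, b"acct-secret"))
```

The authenticator check is the whole point: the group name in the Start record selects which dynamic profile firewall policy the session gets, so a receiver that read the VSA before verifying the packet would let anyone who can send UDP to it pick a customer's policy. Flipping a single byte of the group name in a captured packet makes `parse_acct_start` raise instead of returning a different group.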

LDAP Authentication
[Diagram: user "Kelly Miller" with password "#p57ds%" is looked up as cn=Kelly Miller under ou=training, dc=acme, dc=com on the LDAP server]
- The FortiGate unit can send the user name and password to the LDAP server for authentication
- An LDAP server can be added as a user group; all members will be able to authenticate

LDAP Authentication
- Details of the LDAP server must be identified on the FortiGate unit
- The DN of the LDAP server must be identified during server configuration on a FortiGate unit

TACACS+ Authentication
[Diagram: user "Kelly Miller" presents password "#p57ds%"; the FortiGate unit forwards the credentials to the TACACS+ server, which returns the verdict]
- The FortiGate unit sends the user name and password to the TACACS+ server for verification
- A TACACS+ server can be added as a user group; all members will be able to authenticate

TACACS+ Authentication
- The IP address of the TACACS+ server along with its secret key must be identified on the FortiGate unit
- Select the authentication protocol to be used with the TACACS+ server: ASCII, PAP, CHAP or MS-CHAP

Digital Certificate Authentication
[Diagram: user information is submitted to the Certification Authority in a certificate request; the CA issues the certificate, which is then verified]
- Digital certificates issued by trusted certification authorities can be used for authentication
- The certificate of the issuing authority must be installed on the FortiGate device to verify the digital signature on a user certificate; this confirms the certificate was issued by a trusted issuer

Directory Services Authentication
[Diagram: user "Kelly Miller" with password "$d12*h1" logs on to Windows Active Directory from the classroom workstation]
- User authenticates to Directory Services at logon (Windows Active Directory, Novell eDirectory)
- Authentication information is passed to the FortiGate unit
- User automatically gets access to permitted resources without any further authentication operations
- Uses Fortinet Single Sign On

Labs
Lab - LDAP Authentication
- Configuring LDAP
- Testing LDAP authentication
