Remote User Authentication. Module Objectives By the end of this module participants will be able to: Describe the methods available for authenticating.


1 Remote User Authentication

2 Module Objectives
By the end of this module participants will be able to:
Describe the methods available for authenticating users that are contained in databases external to the FortiGate unit
Configure LDAP authentication

3-4 Remote User Authentication
Methods covered: LDAP, Directory Services, TACACS+, RADIUS, Remote Users, Digital certificates
The information used to authenticate users is stored on a remote server
The FortiGate unit sends the user's credentials to the remote server for validation
Best for situations where multiple FortiGate units need to authenticate the same users

5-6 Remote User Authentication
Methods covered: LDAP, Directory Services, TACACS+, RADIUS, Digital certificates
The FortiGate unit must be configured to access the external servers used to authenticate the users
Administrators can create an account for the user locally and specify the server to verify the password, or
Administrators can add the authentication server to a user group; all users in that server become members of the group

7-8 RADIUS Authentication
(Diagram: user Kelly Miller with password #p57ds% presents credentials to the FortiGate unit, which forwards them to the RADIUS server)
The FortiGate unit sends the user name and password to the RADIUS server for verification
A RADIUS server can be added as a user group; all members will be able to authenticate

9-10 RADIUS Authentication
The IP addresses of the primary and secondary RADIUS servers, along with their secret keys, must be identified on the FortiGate unit
A Fortinet Vendor-Specific Attributes (VSA) dictionary is provided to identify the RADIUS attributes used by the FortiGate unit
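As an added example (not from the original module), the FortiOS CLI fragment below defines the primary and secondary RADIUS servers with their shared secrets as slide 10 describes, and places the server in a user group as slide 8 describes; the object names, addresses and secrets are placeholders.

```fortios
# Added example: RADIUS server definition on the FortiGate unit (placeholder values)
config user radius
    edit "acme_radius"
        # primary RADIUS server and the shared secret agreed with it
        set server "192.0.2.10"
        set secret "REPLACE_WITH_PRIMARY_SECRET"
        # secondary server used when the primary does not answer
        set secondary-server "192.0.2.11"
        set secondary-secret "REPLACE_WITH_SECONDARY_SECRET"
        # auto: the FortiGate unit tries its supported RADIUS
        # authentication methods in turn (PAP, CHAP, MS-CHAP variants)
        set auth-type auto
    next
end

# Every user the RADIUS server accepts becomes a member of this group,
# so the group can be referenced from firewall policies
config user group
    edit "radius_users"
        set member "acme_radius"
    next
end
```

The shared secret is what lets the RADIUS server trust requests from this FortiGate unit, so it should be long, random and different per server pair.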

11-12 RADIUS and SecurID Authentication
(Diagram: the FortiGate unit queries the RADIUS server, which in turn queries the RSA ACE/Server)
A RADIUS server and an RSA ACE/Server can be configured to work together to verify the password displayed on the SecurID token
The FortiGate unit must be configured to access the RADIUS server, in addition to being configured as an Agent Host in the RSA ACE/Server
A user group for the SecurID users must be created on the FortiGate unit

13 Dynamic Profiles
Customer identifying information can be stored in the RADIUS server
When a user authenticates using RADIUS, the FortiGate unit can use a dynamic profile to extract the customer information and process traffic according to the dynamic profile firewall policy
A RADIUS Start record is sent to the FortiGate device
Allows different groups of users to have different levels of access, for example parental controls

14-18 Dynamic Profiles (sequence of events)
1. Customer requests a connection and is forced to authenticate (diagram: Kelly Miller, #p57ds%, sent to the RADIUS server)
2. RADIUS server identifies the customer
3. Server sends a RADIUS Start record to the FortiGate unit
4. The FortiGate unit applies the dynamic profile firewall policy using information from the RADIUS server
5. Customer session is filtered by the profile group

19 Dynamic Profiles
On the RADIUS server, add a profile group name field to customer accounts that will be using dynamic profiles
This name will be added to the RADIUS Start record sent by the server
Configure the RADIUS server to send the Start record to the FortiGate unit


23 Dynamic Profiles
To use dynamic profiles:
Configure the RADIUS server for dynamic profiles
Configure an optional UTM profile group
Configure a dynamic profile firewall policy; identify the profile group or select All Dynamic Profile Users
Only one firewall policy can be configured for dynamic profiles in a VDOM

24-25 LDAP Authentication
(Diagram: user Kelly Miller with password #p57ds%; the directory tree dc=com > dc=acme > ou=training > cn=Kelly Miller, i.e. the entry cn=Kelly Miller,ou=training,dc=acme,dc=com, holds Password: #p57ds%)
The FortiGate unit can send the user name and password to the LDAP server for authentication
An LDAP server can be added as a user group; all members will be able to authenticate

26-27 LDAP Authentication
Details of the LDAP server must be identified on the FortiGate unit
The distinguished name (DN) to use on the LDAP server must be identified during server configuration on the FortiGate unit
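As an added example (not from the original module), the FortiOS CLI fragment below defines an LDAP server whose DN matches the directory tree on slide 24 and adds it to a user group as slide 25 describes; the server address, service account, certificate name and passwords are placeholders, and the LDAPS lines are hardening that the slides do not cover.

```fortios
# Added example: LDAP server matching the slide 24 tree
# (cn=Kelly Miller,ou=training,dc=acme,dc=com); placeholder values
config user ldap
    edit "acme_ldap"
        set server "192.0.2.20"
        # attribute that carries the user name in each entry
        set cnid "cn"
        # distinguished name under which users are searched
        set dn "dc=acme,dc=com"
        # regular bind: the FortiGate unit first binds with a read-only
        # service account to locate the user's entry anywhere under the DN,
        # then binds as that user to verify the submitted password
        set type regular
        set username "cn=fortigate,ou=service,dc=acme,dc=com"
        set password "REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"
        # hardening beyond the slides: LDAP over TLS so user passwords are
        # not sent in clear text; assumes the CA was imported as ACME_Root_CA
        set secure ldaps
        set port 636
        set ca-cert "ACME_Root_CA"
    next
end

# Any user the LDAP server authenticates becomes a member of this group
config user group
    edit "ldap_users"
        set member "acme_ldap"
    next
end
```

With the base DN set to dc=acme,dc=com and a regular bind, a user in ou=training (or any other OU) is found by search, whereas a DN pointing at a single OU would only match users directly beneath it.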

28-29 TACACS+ Authentication
(Diagram: user Kelly Miller with password #p57ds% presents credentials to the FortiGate unit, which forwards them to the TACACS+ server)
The FortiGate unit sends the user name and password to the TACACS+ server for verification
A TACACS+ server can be added as a user group; all members will be able to authenticate

30-31 TACACS+ Authentication
The IP address of the TACACS+ server, along with its secret key, must be identified on the FortiGate unit
Select the authentication protocol to be used with the TACACS+ server: ASCII, PAP, CHAP or MS-CHAP
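As an added example (not from the original module), the FortiOS CLI fragment below defines a TACACS+ server with its secret key and selects the authentication protocol listed on slide 31; the name, address and key are placeholders.

```fortios
# Added example: TACACS+ server definition (placeholder values)
config user tacacs+
    edit "acme_tacacs"
        set server "192.0.2.30"
        # shared key that encrypts the TACACS+ packet body between
        # the FortiGate unit and the server
        set key "REPLACE_WITH_TACACS_KEY"
        # protocol the server expects: ascii, pap, chap, mschap, or auto
        # (auto lets the unit try the supported methods in turn)
        set authen-type auto
    next
end

# Users accepted by the TACACS+ server become members of this group
config user group
    edit "tacacs_users"
        set member "acme_tacacs"
    next
end
```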

32-33 Digital Certificate Authentication
(Diagram: a certificate request with the user's information goes to the Certification Authority (CA); the CA issues the certificate, which is then verified by the FortiGate unit)
Digital certificates issued by trusted certification authorities can be used for authentication
The certificate of the issuing authority must be installed on the FortiGate device to verify the digital signature on a user certificate; this confirms the certificate was issued by a trusted issuer

34-35 Directory Services Authentication
(Diagram: user Kelly Miller with password $d12*h1 logs on to Windows Active Directory from the host labelled "classroom")
User authenticates to Directory Services at logon (Windows Active Directory or Novell eDirectory)
Authentication information is passed to the FortiGate unit
User automatically gets access to permitted resources without any further authentication operations
Uses Fortinet Single Sign On (FSSO)

36 Labs
Lab - LDAP Authentication
Configuring LDAP
Testing LDAP authentication

37 Student Resources
Click here to view the list of resources used in this module
