12.4 Configuring Integration with FortiGate

These instructions will help you to configure integration of Advanced Authentication Appliance Edition with the Fortinet FortiGate to refuse non-secure passwords.

The Advanced Authentication flow in Fortinet FortiGate is shown in the following diagram.

To get started, ensure that you have:

  • Fortinet FortiGate virtual appliance v5 (Firmware version 5.2.5, build 8542 was used to prepare these instructions)

  • Advanced Authentication v5 appliance

Configure the Advanced Authentication RADIUS server:

  1. Open the Advanced Authentication Administrative Portal.

  2. Go to the Events section.

  3. Open properties of the Radius Server event.

  4. Set the Radius Server event to the ON mode.

  5. Select one or more chains from the list of Used chains (make sure that they are enabled and set to the users group in the Chains section).

  6. Add a Client, enter the IP address of the FortiGate appliance, specify a secret, confirm it, and set the Enabled option.

  7. Click the Save button in the Client row. Click the Save button at the bottom of the Events view to save the changes.

Configure the FortiGate appliance:

  1. Sign in to the FortiGate configuration portal as admin.

  2. Check which Virtual Domain is bound to the network interface.

  3. Open the Radius Server configuration for the appropriate Virtual Domain and set up the required settings.

  4. Click the Test Connectivity button and enter the credentials of an Advanced Authentication Framework administrator to test the connection.

  5. Create a user group and bind it to the remote authentication server.

  6. Create a user and place it in the created group.

How to authenticate in FortiGate using the Advanced Authentication:

  1. Enter user’s credentials and click Login.

  2. Enter OTP and click Login.

NOTE: The Token Code field is limited to 16 digits, so you may have problems when using YubiKey tokens, which generate an 18-20 digit code.
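The login flow above is a RADIUS exchange: FortiGate sends an Access-Request carrying the user name and the password hidden with the shared secret, and Advanced Authentication answers with an Access-Accept or Access-Reject whose Response Authenticator is an MD5 over the reply and the same secret. The following Python block is an added example, not code from the product or from Fortinet, showing both halves of that exchange on constructed values; the secret, user name, password and Request Authenticator in it are made up for illustration. It demonstrates why the secret entered on both sides must match and why a client should validate the reply instead of trusting the code byte alone.

```python
"""Minimal RFC 2865 RADIUS helpers (added example, constructed values only):
PAP password hiding with the shared secret and verification of the server's
Response Authenticator. Not the product's own code."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def encode_pap_password(secret, request_auth, password):
    """Hide the password as in RFC 2865 section 5.2: pad to a multiple of 16
    bytes, then XOR each block with MD5(secret + previous block), where the
    first "previous block" is the 16-byte Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += block
        prev = block  # chaining uses the ciphertext block, not the plaintext
    return out


def decode_pap_password(secret, request_auth, hidden):
    """Reverse the hiding; the server does this with the same shared secret.
    Trailing NUL padding is stripped (RADIUS passwords cannot contain NUL)."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")


def attr(type_, value):
    """Encode one Type-Length-Value attribute (length covers the 2-byte header)."""
    return struct.pack("!BB", type_, len(value) + 2) + value


def build_access_request(secret, ident, username, password, request_auth=None):
    """Build the Access-Request a NAS such as FortiGate sends at login.
    Returns (packet, request_auth); the client keeps request_auth to check the reply."""
    request_auth = request_auth or os.urandom(16)
    attrs = attr(ATTR_USER_NAME, username.encode()) + attr(
        ATTR_USER_PASSWORD, encode_pap_password(secret, request_auth, password.encode()))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, secret, request_auth, attrs=b""):
    """What the RADIUS server sends back (simulated here for the example)."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_response(secret, request_auth, expected_ident, packet):
    """Client-side check: accept the reply only if its identifier matches our
    request and its Response Authenticator was computed with our shared secret
    over our Request Authenticator. Returns the code (2 = Access-Accept,
    3 = Access-Reject) or None when the packet is not authentic."""
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or ident != expected_ident:
        return None
    attrs = packet[20:]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None
    return code


if __name__ == "__main__":
    secret = b"constructed-shared-secret"      # must match the Client secret in the RADIUS Server event
    req, ra = build_access_request(secret, 1, "alice", "hunter2")
    reply = build_response(ACCESS_ACCEPT, 1, secret, ra)
    print("server reply verified, code =", verify_response(secret, ra, 1, reply))
    print("wrong secret on one side ->", verify_response(b"other", ra, 1, reply))
```

A mismatched secret on either side shows up as `None` from `verify_response` (the real FortiGate reports this as a failed Test Connectivity), and a reply whose code byte was changed without knowledge of the secret is rejected the same way. Production clients should additionally send and check the Message-Authenticator attribute from RFC 2869, which this example leaves out for brevity.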