FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes that RSA SecurID authentication integrates with RADIUS servers and is supported by the FortiGates.
FortiGates support user authentication to a RADIUS server, among others.
It is possible to add the name of a RADIUS server to the FortiGate user database to allow users to authenticate using the selected RADIUS server.
It is possible to disable a user name so that the user cannot authenticate.
Products
FortiGates running FortiOS 2.8 and 3.0 firmware.
Steps or Commands
To enable authentication, it is necessary to add user names to one or more user groups.
It is possible to add RADIUS servers to user groups.
When a user group that contains RADIUS server is selected to authenticate, the RADIUS server goes through the RSA ACE/Server to complete the authentication.
Through RADIUS servers, RSA SecurID authentication applies to the following FortiGate features:
- Any firewall policy with Action set to ACCEPT.
- IPSec dialup user phase 1 configurations.
- XAuth functionality for phase 1 IPSec VPN configurations.
- PPTP.
- L2TP.
For information on configuring a RADIUS server on a FortiGate, see the FortiGate User Authentication Guide on the Technical Documentation web site.
