Created on 08-31-2021 05:27 AM Edited on 09-23-2022 02:10 AM By Anthony_E
Description
This article describes how to configure FortiToken Mobile (FTM) push on FortiAuthenticator. When push notifications are enabled, users can accept or deny authentication requests directly from a notification on the unit.
Solution
Push is a 3-way conversation between:
FortiAuthenticator sends the push request to the Notification Server, which forwards it to the client.
The client will be directed to forward their response to the "Public IP/FQDN for FortiToken Mobile".
The port you specify in the "Public IP/FQDN for FortiToken Mobile" setting does not matter, but the final response that reaches your FortiAuthenticator needs to be on port TCP/443.
Note that any changes made to the "Public IP/FQDN for FortiToken Mobile" setting will not be picked up until the FortiAuthenticator has rebooted.
To configure FTM push on FortiAuthenticator:
Before push notifications can be enabled, a Public IP/FQDN for FortiToken Mobile must be configured from System > Administration > System Access.
If the FortiAuthenticator is behind a firewall, the public IP/FQDN will be an IP/port forwarding rule directed to one of the FortiAuthenticator interfaces.
FortiAuthenticator IP = 192.168.1.10
FortiGate's Public IP = X.X.X.X
a) Configure the Public IP:Port in FortiAuthenticator
Go to System > Administration > System Access
- Public IP/FQDN for FortiToken Mobile = X.X.X.X:33443 <---- The port can be any value
b) Create a VIP object in FortiGate
Go to Policy & Objects > Virtual IPs > Create New.
- External IP address = X.X.X.X
- Mapped IP address = 192.168.1.10
- Port Forwarding = ON
- External service port = TCP/33443 <---- This port matches the port in step (a)
- Map to port = TCP/443 <---- This port needs to be TCP/443
c) Create a FortiGate firewall policy
Go to Policy & Objects > IPv4 Policy > Create New.
- Incoming = WAN interface
- Outgoing = LAN interface to FortiAuthenticator
- Source = Any
- Destination = VIP object created in step (b)
- Service = ALL
- NAT = OFF
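The VIP and firewall policy from steps (b) and (c) expressed as FortiOS CLI, as an added example that is not part of the original article. The object name FAC-FTM-Push, the policy name, and the interface names wan1 and internal are assumptions; X.X.X.X remains the article's placeholder for the FortiGate public IP.

```fortios
config firewall vip
    edit "FAC-FTM-Push"
        set comment "Example name (assumption). Forwards FTM push responses to FortiAuthenticator"
        set extintf "wan1"
        set extip X.X.X.X
        set mappedip "192.168.1.10"
        set portforward enable
        set protocol tcp
        set extport 33443
        set mappedport 443
    next
end

config firewall policy
    edit 0
        set name "FTM-Push-to-FAC"
        set comments "Example policy (assumption). Interface names are placeholders"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "FAC-FTM-Push"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end
```

The `extport` value must equal the port entered in "Public IP/FQDN for FortiToken Mobile", and `mappedport` must stay 443.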
Detailed authentication flow for FortiToken Push: