Fortinet
Páginas: 12 (2883 palabras)
Publicado: 22 de noviembre de 2010
RSA SecurID Ready Implementation Guide
Last Modified: Tuesday, March 30, 2004
1. Partner Information
Partner Name Web Site Product Name Version & Platform Product Description Fortinet Technologies Inc. www.fortinet.com FortiOS 2.8 Fortinet’s award-winning FortiGate™ series of ASIC-accelerated Antivirus Firewalls are the new generation of real-time network protection systems. They detect andeliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time — without degrading network performance. The FortiGate systems deliver a full range of network-level services — firewall, VPN, intrusion detection and traffic shaping — as well as application-level services such as antivirus and contentfiltering, in dedicated, easily managed platforms. Perimeter Defense
Product Category
2. Contact Information
E-mail Sales Contact sales@fortinet.com Support Contact Americas: amer_support@fortinet.com Asia: apac_support@fortinet.com Europe: eu_support@fortinet.com 866-648-4638 www.fortinet.com/support
Phone Web
408-235-7700 www.fortinet.com
1
3. Solution Summary
RSA SecurIDauthentication integrates with RADIUS servers and is supported by the FortiGate units with the FortiOS version 2.8 firmware. FortiGate units support user authentication to a RADIUS server, among others. You can add the name of a RADIUS server to the FortiGate user database to allow users to authenticate using the selected RADIUS server. You can disable a user name so that the user cannotauthenticate. To enable authentication, you must add user names to one or more user groups. You can add RADIUS servers to user groups. When you select a user group that contains RADIUS server to authenticate, the RADIUS server goes through the RSA ACE/Server to complete the authentication. Through RADIUS servers, RSA SecurID authentication applies to the following FortiGate features: • • • • • any firewallpolicy with Action set to ACCEPT IPSec dialup user phase 1 configurations XAuth functionality for phase 1 IPSec VPN configurations PPTP L2TP
Feature Authentication Methods Supported RSA ACE/Agent Library Version RSA ACE 5 Locking Replica RSA ACE/Server Support Secondary RADIUS/TACACS+ Server Support Location of Node Secret on Client RSA ACE/Server Agent Host Type RSA SecurID User SpecificationRSA SecurID Protection of Administrators
Details RADIUS N/A No N/A N/A None stored Communication server RSA SecurID N/A
The following diagram illustrates the interaction among a FortiGate unit, a RADIUS server, and a RSA ACE/Server with a SecurID token.
FortiGate unit
RSA SecurID authentication applies to any firewall policy with Action set to ACCEPT, IPSec dialup user phase 1configurations, XAuth functionality for phase 1 IPSec VPN configurations, PPTP, and L2TP.
RADIUS server
RSA ACE/Server + SecurID token
2
4. Product Requirements
• • Hardware requirements
FortiGate 60, FortiGate 100, FortiGate 300, FortiGate 500, FortiGate 800, FortiGate 1000, FortiGate 3000, FortiGate 3600, and FortiGate 4000.
Software requirements
Component Name: Operating System FortiOSWeb browser Version (Patch-level) 2.8 IE 4.0 and up
3
5. RSA ACE/Server configuration
In order for the FortiGate unit to support SecurID authentication, you need to: • • • configure the RADIUS server configure the RSA ACE/Server to support the RSA Radius server in the RSA ACE /Server 5.1 for Windows/Unix installation guides set up the FortiGate unit as an Agent Host within the RSAACE/Server’s database
•
Configuring the RADIUS server
For information about configuring the RADIUS server for use with the RSA ACE/Server, see the RSA ACE/Server Administrator’s Guide.
•
Configuring the RSA ACE/Server
For information about configuring the RSA ACE/Server to support the RSA Radius server, see the RSA ACE/Server Installation Guide.
•
Setting up the FortiGate unit as an...
Last Modified: Tuesday, March 30, 2004
1. Partner Information
Partner Name Web Site Product Name Version & Platform Product Description Fortinet Technologies Inc. www.fortinet.com FortiOS 2.8 Fortinet’s award-winning FortiGate™ series of ASIC-accelerated Antivirus Firewalls are the new generation of real-time network protection systems. They detect andeliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time — without degrading network performance. The FortiGate systems deliver a full range of network-level services — firewall, VPN, intrusion detection and traffic shaping — as well as application-level services such as antivirus and contentfiltering, in dedicated, easily managed platforms. Perimeter Defense
Product Category
2. Contact Information
E-mail Sales Contact sales@fortinet.com Support Contact Americas: amer_support@fortinet.com Asia: apac_support@fortinet.com Europe: eu_support@fortinet.com 866-648-4638 www.fortinet.com/support
Phone Web
408-235-7700 www.fortinet.com
1
3. Solution Summary
RSA SecurIDauthentication integrates with RADIUS servers and is supported by the FortiGate units with the FortiOS version 2.8 firmware. FortiGate units support user authentication to a RADIUS server, among others. You can add the name of a RADIUS server to the FortiGate user database to allow users to authenticate using the selected RADIUS server. You can disable a user name so that the user cannotauthenticate. To enable authentication, you must add user names to one or more user groups. You can add RADIUS servers to user groups. When you select a user group that contains RADIUS server to authenticate, the RADIUS server goes through the RSA ACE/Server to complete the authentication. Through RADIUS servers, RSA SecurID authentication applies to the following FortiGate features: • • • • • any firewallpolicy with Action set to ACCEPT IPSec dialup user phase 1 configurations XAuth functionality for phase 1 IPSec VPN configurations PPTP L2TP
Feature Authentication Methods Supported RSA ACE/Agent Library Version RSA ACE 5 Locking Replica RSA ACE/Server Support Secondary RADIUS/TACACS+ Server Support Location of Node Secret on Client RSA ACE/Server Agent Host Type RSA SecurID User SpecificationRSA SecurID Protection of Administrators
Details RADIUS N/A No N/A N/A None stored Communication server RSA SecurID N/A
The following diagram illustrates the interaction among a FortiGate unit, a RADIUS server, and a RSA ACE/Server with a SecurID token.
FortiGate unit
RSA SecurID authentication applies to any firewall policy with Action set to ACCEPT, IPSec dialup user phase 1configurations, XAuth functionality for phase 1 IPSec VPN configurations, PPTP, and L2TP.
RADIUS server
RSA ACE/Server + SecurID token
2
4. Product Requirements
• • Hardware requirements
FortiGate 60, FortiGate 100, FortiGate 300, FortiGate 500, FortiGate 800, FortiGate 1000, FortiGate 3000, FortiGate 3600, and FortiGate 4000.
Software requirements
Component Name: Operating System FortiOSWeb browser Version (Patch-level) 2.8 IE 4.0 and up
3
5. RSA ACE/Server configuration
In order for the FortiGate unit to support SecurID authentication, you need to: • • • configure the RADIUS server configure the RSA ACE/Server to support the RSA Radius server in the RSA ACE /Server 5.1 for Windows/Unix installation guides set up the FortiGate unit as an Agent Host within the RSAACE/Server’s database
•
Configuring the RADIUS server
For information about configuring the RADIUS server for use with the RSA ACE/Server, see the RSA ACE/Server Administrator’s Guide.
•
Configuring the RSA ACE/Server
For information about configuring the RSA ACE/Server to support the RSA Radius server, see the RSA ACE/Server Installation Guide.
•
Setting up the FortiGate unit as an...
Leer documento completo
Regístrate para leer el documento completo.