Fortinet black logo

Introduction

Copy Link
Copy Doc ID 81cf7374-eb04-11eb-97f7-00505692583a:818675
Download PDF

Introduction

FortiAuthenticator-VM is a virtual appliance designed specifically to provide authentication services for multiple devices, including firewalls, SSL and IPsec VPNs, wireless access points, switches, routers, and servers. FortiAuthenticator includes a RADIUS, TACACS+ and LDAP server. Authentication servers are an important part of an enterprise network, controlling access to protected network assets, and tracking users’ activities to comply with security policies.

FortiAuthenticator is not a firewall; it requires a FortiGate appliance to provide firewall-related services. Multiple FortiGate units can use a single FortiAuthenticator appliance for Fortinet Single Sign On (FSSO) and other types of remote authentication, two-factor authentication, and FortiToken device management. This centralizes authentication and FortiToken maintenance.

FortiAuthenticator provides an easy-to-configure remote authentication option for FortiGate users. Additionally, it can replace the FSSO Agent on a Windows AD network.

Whilst FortiAuthenticator is a hardened server it should be installed with adequate protection from the Internet. Management protocols should be configured on private networks and only the resources required exposed to the outside.

The FortiAuthenticator-VM delivers centralized, secure two-factor authentication for a virtual environment with a stackable user license for the greatest flexibility. Supporting from 100 to 1 million+ users, the FortiAuthenticator-VM supports the widest range of deployments, from small enterprise right through to the largest service provider.

Caution

Failure to protect the FortiAuthenticator may result in compromised authentication databases.

This document includes an overview of the FortiAuthenticator-VM, its deployment with Nutanix, and information on how to perform an initial configuration.

Introduction

FortiAuthenticator-VM is a virtual appliance designed specifically to provide authentication services for multiple devices, including firewalls, SSL and IPsec VPNs, wireless access points, switches, routers, and servers. FortiAuthenticator includes a RADIUS, TACACS+ and LDAP server. Authentication servers are an important part of an enterprise network, controlling access to protected network assets, and tracking users’ activities to comply with security policies.

FortiAuthenticator is not a firewall; it requires a FortiGate appliance to provide firewall-related services. Multiple FortiGate units can use a single FortiAuthenticator appliance for Fortinet Single Sign On (FSSO) and other types of remote authentication, two-factor authentication, and FortiToken device management. This centralizes authentication and FortiToken maintenance.

FortiAuthenticator provides an easy-to-configure remote authentication option for FortiGate users. Additionally, it can replace the FSSO Agent on a Windows AD network.

Whilst FortiAuthenticator is a hardened server it should be installed with adequate protection from the Internet. Management protocols should be configured on private networks and only the resources required exposed to the outside.

The FortiAuthenticator-VM delivers centralized, secure two-factor authentication for a virtual environment with a stackable user license for the greatest flexibility. Supporting from 100 to 1 million+ users, the FortiAuthenticator-VM supports the widest range of deployments, from small enterprise right through to the largest service provider.

Caution

Failure to protect the FortiAuthenticator may result in compromised authentication databases.

This document includes an overview of the FortiAuthenticator-VM, its deployment with Nutanix, and information on how to perform an initial configuration.