Adding FortiAuthenticator to your network
Before setting up FortiAuthenticator, there are some requirements for your network:
- You must have security policies that allow traffic between the client network and the subnet of the FortiAuthenticator.
- You must ensure that the following ports are open in the security policies between the FortiAuthenticator and authentication clients, in addition to management protocols such as HTTP, HTTPS, telnet, SSH, ping, and other protocols you may choose to allow:
- UDP/161 (SNMP)
- UDP/1812 (RADIUS Auth)
- UDP/1813 (RADIUS Accounting)
- TCP/389 (LDAP)
- TCP/636 (LDAPS)
- TCP/8000 (FortiGate FSSO)
- TCP/2560 (OCSP)
- TCP/8001 (FortiClient Single Sign-On Mobility Agent FSSO)
- TCP/8002 (DC/TS Agent FSSO)
- TCP/8003 (Hierarchical FSSO)
To setup FortiAuthenticator on your network:
- Log in to the GUI with the username
admin and no password.
- Go to System > Network > DNS. Enter your internal network primary and secondary name server IP addresses. This is essential for successful FSSO operation. See DNS for more information.
- Go to System > Network > Static Routing and create a default route (IP/Mask 0.0.0.0/0) to your network gateway on the interface that connects to the gateway. See Static routing for more information.
- Go to System > Dashboard > Status.
- In the System Information widget select Change in the System Time field, and select your Time zone from the list.
- Either enable the NTP or manually enter the date and time. See Configuring the system date, time, and time zone for more information.
Enter a new time and
date by either typing it manually, selecting Today or Now, or select the calendar or clock icons.
||If you will be using FortiToken devices, Fortinet strongly recommends using
FortiToken Time based authentication tokens are dependent on an accurate
- Select OK.
- If the FortiAuthenticator is connected to additional subnets, configure additional FortiAuthenticator interfaces as required. See Interfaces for more information.