Remote access
The number of remote workers is increasing, and networks are expanding into thin branch networks and the cloud. Secure remote access is advancing to meet the requirements of increasingly distributed environments. Assess your requirements and review the available options to determine the solution that best meets your requirements.
Fortinet has IPsec and SSL VPN options. SSL VPN has two modes: tunnel and web.
Regardless of the chosen remote access method, there are several options to enhance the security of the connection:
-
Remote authentication servers
Integrating a remote server for user accounts avoids duplicating accounts on the FortiGate, enabling scalability and reducing human caused errors.
-
Certificates
As a VPN gateway, the FortiGate that you are connecting to can utilize server certificates to prove its identity to the connecting device without requiring confirmation from the end user.
User certificates can be used in place of passwords. Administrators should assign a unique certificate to each user.
-
Multi-factor authentication
MFA increases the difficulty for an attacker that is trying to establish a connection using a compromised account.
-
TLS version and cipher suites
Setting a minimum TLS version and using high strength cipher suites can enhance security.