Administration Guide

Create or edit a TACACS server

To add a TACACS+ server:
  1. In the TACACS+ server list, select Create New from the toolbar. The New TACACS+ Server window opens.

  2. Configure the following:

    Name

    Enter the name of the TACACS+ server.

    Server IP/Name

    Enter the server domain name or IP address of the TACACS+ server.

    Server Secret

    Enter the key to access the TACACS+ server. The server key can be a maximum of 16 characters in length.

    Authentication Type

    Select the authentication type to use for the TACACS+ server: Auto, MSCHAP, CHAP, PAP, or ASCII.

    Auto authenticates using PAP, MSCHAP, and CHAP, in that order. For more information, see Authentication protocols.

  3. Click OK to create the new TACACS+ server.

To edit a TACACS+ server:
  1. Select the TACACS+ server you want to edit and then click Edit from the toolbar or double-click on the address in the address table. The Edit TACACS+ Server window opens.

  2. Edit the server information as required and click OK to apply your changes.

Authentication protocols

ASCII

Machine-independent technique that uses representations of English characters. Requires the user to type a user name and password, which are sent in clear text (unencrypted) and matched with an entry in the user database, which is stored in ASCII format.

PAP

Password Authentication Protocol (PAP). Used to authenticate PPP connections. Transmits passwords and other user information in clear text.

CHAP

Challenge-Handshake Authentication Protocol (CHAP). Provides the same functionality as PAP but is more secure because it does not send the password and other user information over the network to the security server.

MSCHAP

Microsoft Challenge-Handshake Authentication Protocol v1 (MSCHAP). Microsoft-specific version of CHAP.

Auto

The default protocol configuration, Auto, uses PAP, MSCHAP, and CHAP, in that order.
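
The difference between the PAP and CHAP entries above, as an added example (not part of the original guide or of Fortinet's code): it builds the authentication data field for each type as laid out in RFC 1994 and RFC 8907, before TACACS+ obfuscates the packet body with the server secret. The password, challenge, and identifier are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

RESPONSE_LEN = 16  # an MD5 digest is always 16 octets


def pap_data_field(password: bytes) -> bytes:
    """PAP: the data field carries the password itself."""
    return password


def chap_response(ppp_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ppp_id]) + password + challenge).digest()


def chap_data_field(ppp_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 8907: data = PPP id (1 octet) || challenge || response (16 octets)."""
    return bytes([ppp_id]) + challenge + chap_response(ppp_id, password, challenge)


def server_verify_chap(data: bytes, stored_password: bytes) -> bool:
    """Split the field and recompute the response from the server's own copy."""
    if len(data) < 1 + 1 + RESPONSE_LEN:  # id + non-empty challenge + response
        return False
    ppp_id, challenge, response = data[0], data[1:-RESPONSE_LEN], data[-RESPONSE_LEN:]
    expected = chap_response(ppp_id, stored_password, challenge)
    return hmac.compare_digest(expected, response)  # constant-time comparison


# Constructed sample values, not taken from any real deployment.
SAMPLE_PASSWORD = b"constructed-Passw0rd"
SAMPLE_CHALLENGE = bytes(range(16))
SAMPLE_ID = 7

if __name__ == "__main__":
    pap = pap_data_field(SAMPLE_PASSWORD)
    chap = chap_data_field(SAMPLE_ID, SAMPLE_PASSWORD, SAMPLE_CHALLENGE)
    print("PAP field :", pap)
    print("CHAP field:", chap.hex())
    print("password visible in PAP field :", SAMPLE_PASSWORD in pap)
    print("password visible in CHAP field:", SAMPLE_PASSWORD in chap)
    print("server accepts correct password:", server_verify_chap(chap, SAMPLE_PASSWORD))
    print("server accepts wrong password  :", server_verify_chap(chap, b"wrong"))
```

The CHAP field contains only the identifier, the challenge, and a digest, so the server can check the login only by recomputing the digest from its own copy of the password.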
