Fortinet FortiAuthenticator-200D
Contents
1. RATIMNET FortiAuthenticator User Identity Management and Single Sign On FortiAuthenticator user identity management appliances strengthen enterprise security by simplifying and centralizing the management and storage of user identity information Enterprise Network Identity Policy Network and Internet access is key for almost every role within the enterprise however this requirement must be balanced with the risk that it brings The key objective of every enterprise is to provide secure but controlled network access enabling the right person the right access at the right time without compromising on security Fortinet Single Sign On is the method of providing secure identity and role based access to the Fortinet connected network Through integration with existing Active Directory or LDAP authentication systems it enables enterprise user identity based security without impeding the user or generating work for network administrators FortiAuthenticator builds on the foundations of Fortinet Single Sign on adding a greater range of user identification methods and greater scalability FortiAuthenticator is the gatekeeper of authorization into the Fortinet secured enterprise network identifying users querying access permissions from third party systems and communicating this information to FortiGate devices for use in Identity Based Policies FortiAuthenticator delivers transparent identification via a wide range of method2. HOTOLESHOESLESEEEEEED HOSED Additional Functionality Strong User Identity with Two factor Authentication FortiAuthenticator extends two factor authentication capability to multiple FortiGate appliances and to third party solutions that support RADIUS or LDAP authentication User identity information from FortiAuthenticator combined with authentication information from Forti Token ensures that only authorized individuals are granted access to your organization s sensitive information This additional layer of security greatly reduces the possibility of data leaks while helping companies meet audit requirements associated with government and business privacy regulations FortiAuthenticator supports the widest range of tokens possible to suit your user requirements With the physical time based FortiToken 200 FortiToken Mobile for iOS and Android e mail and SMS tokens FortiAuthenticator has a token options for all users and scenarios Two factor authentication can be used to control access to applications such as FortiGate management SSL and IPSEC VPN Wireless Captive Portal login and third party RADIUS compliant networking equipment To streamline local user management FortiAuthenticator includes user self registration and password recovery features COCO OOH SHEET EHEHEE HEHEHE OSEOHOSEOOEEEESEHEE SESE E OEE ESEOHEE TEESE ESSE EESEOEEESOOHEEESEEESHESHEEEESOEEEOSOOHESEOHEEE ESE EESESEEEOOS Additional Features amp Benefits RA
3. DIUS and LDAP User Authentication POPPE SSEHH EE HOOEESOHEOT EOE HOE ETHOS OE ETOS SE OHSSEESOETE SEH EEHSHEESOEHE SOSH EESEHEE SESH EEEEHSOEESEOOEEEOEHOE OO ESOTETESHHE TES EHES EO SESEEEOEDD Strong authentication provided by FortiAuthenticator via hardware tokens e mail SMS e mail and digital certificates help to enhance password security and mitigate the risk of password disclosure Wide Range of Strong Authentication Methods POPPE OEE EEHEEE EEE HEEL EHO EO HEE EESOOS ET ETOOEE SETHE OOTOO SEH EHOSEEEOH OEE S OTHE SEH EEOEEEEOHOEEHOTE EES HOHE EEHEEHEEEEOEE SESH OELESEEEEEED HOSES RADIUS Accounting Login In a network which utilizes RADIUS authentication e g wireless or VPN authentication RADIUS Accounting can be used as a user identification method This information is used to trigger user login and to provide IP and group information removing the need for a second tier of authentication Enterprise Certificate Based VPNs Site to site VPNs often provide access direct to the heart of the enterprise network from many remote locations Often these VPNs are secured simply by a preshared key which if compromised could give access to the whole network FortiOS support certificate based VPNs however use of certificate secured VPNs has been limited primarily due to the overhead and complexity introduced by certificate management FortiAuthenticator removes this overhead involved by streamlining the bulk deployment of certificate
4. E EEOHH EEE EEEOSOTEESOHH TEE OTEOT EE SESOSHTEEOSEOS TE SETET EES ESEEETESETESELES EES POPC O HSE EOEEEHHE EEE SEHOE EOE EEOHEO TEESE E TOSSES ESSE OE OOSSOEEETESEEEEESESEOEEES EES POPC COS OOS ESOL EHO OSEEHEOH EEE EEHOE ETE OHEOT EEE EESOH ETE HTESH EES ESHOEEEEHHEOTELEEOSELEEE EES HIGHLIGHTS POO OOH SEE EHE HEE HOHH EEE HOHE OE EEHEE EHH O OSS ESEOHEE HOES ETOH E ETE ESOOHEE ESOS OOEESOEEE ESOS FortiAuthenticator Single Sign On User Identification Methods FortiAuthenticator can identify users through a varied range of methods and integrate with third party LDAP or Active Directory systems to apply group or role data to the user and communicate with FortiGate for use in Identity based policies FortiAuthenticator is completely flexible and can utilize these methods in combination For example in a large enterprise AD polling or FortiAuthenticator SSO Mobility Agent may be chosen as the primary method for transparent authentication with fallback to the portal for non domain systems or guest users POOH E OHHH EHH EEE SHOES TOSSES OSES H ETH OEE OEEOEHEEE ESO EEESOOH ESE OHE SEH SEHEE SESE ESOS ESEOHE SHOES OE ETOH EEETEEEEESOOHET ESOT E SESH E SETHE EOE SOHEOEOHEE SESE HS SHOOT ETHOS E HOSES HEEEES Active Directory Polling Login Portal amp Widgets ss Agent Accounting Records Group info from External LDAP AD vA Active Directory Polling User authentication into act
5. EE TEEHE TTC ETEE TEE HSE HEE HEEOE TE EOEE TEE OESH ELSES EHE TEESE TET EESEHETETSETTETSEH TEESE EESESEEEDESE ELE L ORES EEE EEE ELLE EEO ELE SPECIFICATIONS FORTIAUTHENTICATOR 200D FORTIAUTHENTICATOR 400C FORTIAUTHENTICATOR 1000D FORTIAUTHENTICATOR 3000D Hardware 10 100 1000 Interfaces Copper RJ 45 Power Supply System Performance Total Users Local Remote single 480W Auto Ranging 100V 240V single 480W Auto Ranging 100V 240V Dual 480W Auto Ranging 100V 240V 10 000 Dual 480W Auto Ranging 100V 240V User Certificates Dimensions Height x Width x Length in 200 000 SW et On Environment Form Factor 23 Ibs 10 43 kg Rack Mountable 1 RU 23 Ibs 10 43 kg Rack Mountable 1 RU 30 6 los 13 9 kg Rack Mountable 2 RU 55 3 los 25 1 kg Rack Mountable 2 RU Humidity System Standards Supported Management Compliance Safety 10 90 non condensing 10 90 non condensing 5 95 non condensing 20 80 non condensing 10 100 1000 Base TX GbE 1000 IP Telnet HTTP 1 0 1 1 SSL RS232 NTP Client RFC1305 RADIUS RFC2865 LDAP RFC4510 x 509 RFC5280 Certificate Revocation RFC3280 PKCS 1 2 Certificate Import PKCS 10 CSR Import RFC2986 Online Certificate Status Protocol RFC 2560 EAP TLS RFC2716 simple Certificate Enrollment Protocol SCEP CLI Direct Console DB9 CLI HTTPS FCC Part 15 Class A C Tick VCCI CE UL
6. ES OSHOEE OS EOEESEESEHHEE OO SSOHEE SH SEHHOE OOS OOEE ESE SEHOEE OO SSOHE ES ESEHOOESOSSOEE OS HSEHEEESOSSOHEOTESEHOEE OO SEOEEESESEEEEE DENS Allows security administrator to give users access to the relevant network and application resources appropriate to their role while retaining control and minimizing risk POPC SOHO EH EES TEE TEESE EH HHHO EOE EHEES EO OEEO EES EHS OEE E THRE S SEO SOO E SHOOT ESEHE SECO TOES EET ESHEETS EHH OOT EET EHHOE OSE OTOOS OTTO SHOE ETE OTEET ETE EOSET OTE HTEET ET EEESOETECEHEOT EEE EESELESEEEEESEOOOENS Enablement of identity and role based security FortiGuard Threat Research amp Response www fortiguard com FortiCare Worldwide 24x7 Support support fortinet com FortiAuthenticator 2000 FortiAuthenticator FSSO Features e Enables identity and role based security policies in the Fortinet secured enterprise network without the need for additional authentication through integration with Active Directory e Strengthens enterprise security by simplifying and centralizing the management of user identity information Additional FortiAuthenticator Features e Secure Iwo factor OTP Authentication with full support for Forti Token e RADIUS and LDAP Authentication e Certificate management for enterprise VPN deployment e EEE802 1X support for wired and wireless network security COC COOH E SOOT OHHH EEESOHSE ETOH EESOOHEEHESSESESEOEE SESH EETEESEESEOHEEETESEEEEESEOEES POPS S OSES SS
7. cUL CB FCC Part 15 Class A C Tick VCCI CE UL cUL CB FCC Part 15 Class A C Tick VCCI CE BSMI KC UL cUL CB GOST FCC Part 15 Class A C Tick VCCI CE BSMI KC UL cUL CB GOST VIRTUAL APPLIANCES Capacity Local Users FAC VM BASE FAC VM 100000 UG 100000 User Certificates Virtual Machine Hypervisors Supported FiATINET Formaumnerticator 10000 o 00000000 FortiAuthenticator 1000D 4 FAC VM 100 UG FAC VM 1000 UG FAC VM 10000 UG 100 1000 10000 100 1000 10000 200 2000 20000 10 100 1000 10 100 1000 0 50 500 100 1000 10000 FortiAuthenticator 3000D FortiAuthenticator Virtual Appliance ORDERING INFORMATION SKU Description FAC 200D FortiAuthenticator 200D 4x 10 100 1000 ports 1x 1 TB HDD C FAC 400C 0 FortiAuthenticator 400C 4x 10 100 1000 ports 1x 1TB HDD FAC 1000D E07S FortiAuthenticator 1000D 4x 10 100 1000 ports 2x SFP interfaces 2x2 TB HDD 00 C FAC 3000D FortiAuthenticator 3000D 4x 10 100 1000 ports 2x SFP interfaces 2x2 TB HDD 00 C FAC VM Base Base FortiAuthenticator VM with 100 user license Unlimited CPU FAC VM 100 UG FortiAuthenticator VM with 100 user license upgrade 00 FACVM 1000 UG FortiAuthenticator VM with 1000 user license upgrade 00 FAC VM 10000 UG FortiAuthenticator VM with 10 000 user license upgrade 000 FAC VM 100000 UG FortiAuthent
8. eer ere rere ere eee reer e eer rereeer rere rerrerere rer reser errr errr ereeeerrrec rere reser erer ese rere e ee rrreereerrreeeereerererere eer rreee eer reee errr ree errrer ere ree eee ere rer errr Integration with Active Directory Integration with existing directory simplifies deployment speeds up installation times and reutilizes and LDAP existing development POCO O OSE SEHHEEEOEH SE EEHE TEESE TE SEHE HE ESO TE SEOS EE ESOEEEEHEH ES OTE TEE OHHT HESS TO SEES OSES STEHT EEEEHE EES OEEETEEETOTE FESO EH EEE OEE TEE SESE ETS EOEH EEE EOOE TT ESEOE TE EOHSHEEEHOEHESOTE ESOS ESOT EEEEDEEESOEE EEO EESOTESETHO THESES ETO EESHE TE TOTE ET TETOHEESESES ET ESEOEEEEEEEEEESESEEEEEESEBEEEDEDEEE Streamlined certificate management enables rapid cost effective deployment of certificate based authentication methods such as VPN POOP ES EHH EEE TE HES OEHOEE ESSE EEHOE ESET O SOOO SEE ESEOH OE HOHEE HOSES ESE OEESEHEE ESSE EE ETHOS SOOO E EO ESOEHHOSOEEEESEOEE ES OEEOE EE ESOEEEOSOEHE ESTEE ESTES OS HOEEESEOOEEEEESHEEEESEEEEE SOOO SHOTS OEE SESE EO SOOH EES OSSS EE SESSEEOOSOOHE SHOES SHSEHEEE SESE ESEOHEESESEOEEE ESTEE ED EEEEE Deliver enterprise port access control to validate users connection to the LAN and Wireless LAN to prevent unauthorized access to the network COCR OTE EOE TEESE HEL EHESEEEEHEEEEEH EE EES EET EE OES OSE EET EEE ET EEEE TE EEEET EEO EH SEE HOLES EE EEEH EET EEHE TO SEHEH OEE EEEEE TOTO OE EOEE TOT SESO EE SET EET OEE SETTEESEET EE SETS
9. icator VM with 100 000 user license upgrade 00 FC1 10 OACVM 248 02 12 1 Year 24x7 FortiCare Contract 1 500 users FC2 10 OACVM 248 02 12 1 Year 24x7 FortiCare Contract 1 1100 users FC3 10 OACVM 248 02 12 1 Year 24x7 Forticare Contract 1 5100 users FC4 10 OACVM 248 02 12 1 Year 24x7 FortiCare Contract i 10100 users FC5 10 OACVM 248 02 12 1 Year 24x7 FortiCare Contract i 50100 users 0 FC6 10 OACVM 248 02 12 1 Year 24x7 FortiCare Contract i 100100 users GLOBAL HEADQUARTERS EMEASALES OFFICE APAC SALES OFFICE LATIN AMERICA SALES OFFICE mi TI B a T Fortinet Inc 120 rue Albert Caquot 300 Beach Road 20 01 Prol Paseo de la Reforma 115 Int 702 FT m 1090 Kifer Road 06560 Sophia Antipolis The Concourse Col Lomas de Santa Fe Sunnyvale CA 94086 France Singapore 199555 C P 01219 United States Tel 33 4 8987 0510 Tel 65 6513 3730 Del Alvaro Obreg n Tel 1 408 235 7700 Fax 33 4 8987 0501 Fax 65 6223 6784 M xico D F Fax 1 408 235 7737 Tel 011 52 55 5524 8480 Copyright 2013 Fortinet Inc All rights reserved Fortinet FortiGate and FortiGuard are registered trademarks of Fortinet Inc and other Fortinet names herein may also be trademarks of Fortinet All other product or company names may be trademarks of their respective owners Performance metrics contained herein were attained in internal lab tests under ideal conditions and performance may vary Network variables different network environme
10. ive directory is detected by regularly polling domain controllers When a user login is detected the username IP and group details are entered into the FortiAuthenticator User Identity Management Database and according to the local policy can be shared with multiple FortiGate devices FortiAuthenticator SSO Mobility Agent For complicated distributed domain architectures where polling of domain controllers is not feasible or desired an alternative is the FortiAuthenticator SSO Client Distributed as part of FortiClient or as a standalone installation for Windows PCs the client communicates login IP stack changes Wired gt Wireless wireless network roaming and logout events to the FortiAuthenticator removing the need for polling methods FortiAuthenticator Portal and Widgets For systems which do not support AD polling or where a client is not feasible FortiAuthenticator provides an explicit authentication portal This allows the users to manually authenticate to the FortiAuthenticator and subsequently into the network To minimize the impact of repeated logins required for manual authentication a set of widgets is provided for embedding into an organization s intranet which automatically logs the users in through the use of browser cookies whenever they access the intranet homepage HIGHLIGHTS POPC OCOHO EEE O THESE HSEH EEO SEES EOOEH EEO HEHEHE EOEEH COT OOS EES OOSE TOTO E OHO ETO OT HOSES ETO EH EHH OEE SOSH SEHEEOCEH HOH EEE
11. nts and other conditions may affect performance results Nothing herein represents any binding commitment by Fortinet and Fortinet disclaims all warranties whether express or implied except to the extent Fortinet enters a binding written contract signed by Fortinet s General Counsel with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein For absolute clarity any such warranty will be limited to performance in the same ideal conditions as in Fortinet s internal lab tests Fortinet disclaims in full any guarantees Fortinet reserves the right to change modify transfer or otherwise revise this publication without notice and the most current version of the publication shall be applicable Certain Fortinet products are licensed under U S Patent No 5 623 600 FST PROD DS FAUIM FAC DAT R7 201312
12. s e Polling of an Active Directory Domain Controller e Integration with FortiAuthenticator Single Sign On Mobility Agent which detects login IP address changes and logout e FSSO Portal based authentication with tracking widgets to reduce the need for repeated authentications e Monitoring of RADIUS Accounting Start records COPS S HOHE OHHH ETEHHEESOOHE SHOES EO ESO E SETHE OTTO H ES HEHEEEOSSOE ES ETOET ESSE ES OSHSE SOHO E SOSH E EE ESOSSEEESOOHE EHTS SE SE ESOE ES ESOHEESSOOHE SESE EEOESOEESEHESE ESSE EESOOHEE TEESE EESEE EE ESEEEES Key Features amp Benefits FSSO Transparent User Identification POPC S OEE EEEEEHO SES OSHOETESEOE SESE OOOO E TOOTH TSO OTO TSE SHEET TE OEHHE OE ESHS ET ES ESET SESE OET ES ESOSE SES OSEOS TES ET OSE TESOSEOS EES ES HOTS ES OSEOS TES ETHSETESHSEOS TE SESHETEEEOSEOTH TEETH S ESTES OSEESEESESS Utilizes existing systems for network authorization information reducing deployment times and streamlining management processes Integration with existing procedures for user management POPC OO SOHO OHO HEEEEEOHOE EEO TOSHEESESOHOEESOSOOHEEEOEHHOEEEHSOOHEET ETOH ESESEOEEES EES Integration with LDAP and AD for group membership COCO O OOH E EEO EEO EEO HOOHHEHOEHOEHE ESSE OE HOES SO OTOET EOS OTHEEHOESOOE SHOES ES ESHE EEO SHHSEE EOS OSHEESOSOHOEE SOS OEHEE SOTHO EOS OOHEES OTOH SOSOOHE OS ESOHOEEEOTOOHEES ESET EEOTEOHEESESEEOEEOENS CO PCO HOSE ESEEEE HEE ETEHOOHSEHO OEE OSOOE OOS OEEOE ES OTOEEEOSSOHETEOTEH O
13. s for VPN use in a FortiGate environment by cooperating with FortiManager for the configuration and automating the secure certificate delivery via the SCEP protocol For client based certificate VPNs certificates can be created and stored on the FortiToken300 USB Certificate store This secure pin protected certificate store is compatible with FortiClient and can be used to enhance the security of client VPN connections in conjunction with FortiAuthenticator POPC SOHO EHOH EEO OHO ESEOHE EH EEEOEESEHEEEESEEEEOTOOEES HOES E SESH EE SETS OSEOHEEEOOHEEESESE SEO SHSEEESEOHEESEOHEEHEEHEEHSEHEEEESEOHEESOOEESE COPS OOOH SEE SEHTEEEEEHE TES EEO EES ESEO HOE EOHEHEESEHH SES OEHOTESESO TEE E TOES ESTHET OSEHOEESOTSOEEESSOS SS OSOOEEEEOHSEE SEES ES ESEE EOE ESOE OE ESODEEE replay or brute forcing PPPOE S CEES CEOS O EEE EEE E SETHE EEE ETOH ET OTOH TEEEE EE ETE TE SOE TE EOET EES E LESSEE TEESE ETE EOE TEE EOEH EE SEEOOE TE EEEETESOEET EE SETO EES ETOEH EE EEEETEESETT EES EES EET EETE TTC E TEETH ET EEE SOLE OE TEE EEET ELSES OEETEEOOE TET OEETEEEEESEETETSETEEETEHT EE EEEH EE EEEEE EEE ESEE ELE HEHE LESSEE EELS OEE User Self registration and Reduces the need for administrator intervention by allowing the user to perform their own registration Password Recovery and resolve their own password issues which also improves user satisfaction eee eee eee eee eee eee eee eee eee eee eee eee eee eee eee eee Eee eee e eee Eee eee eee eee eee ere e eee eee e errr
Download Pdf Manuals
Related Search