How to use RSA SecureID on fortios 3.0

发布: 2007-6-20 23:14 | 作者: | 来源: | 查看: 27次 | 进入软件测试论坛讨论

You need to configure the RADIUS server to work with the RSA ACE/Server. See the RSA ACE/Server Administrator's Guide.

See the RSA ACE/Server Installation Guide.

You need to set up the FortiGate unit as an Agent Host within the RSA ACE/Server database.

On the RSA ACE/Server computer, go to Start > Programs > RSA ACE/Server, and then Database Administration - Host Mode.
On the Agent Host menu, select Add Agent Host.
In the Name field, enter a name for the FortiGate unit.
In the Network address field, enter the FortiGate unit IP address.
Select Secondary Nodes and define all hostname/IP addresses that resolve to the FortiGate unit.

If needed, refer to the RSA ACE/Server documentation for more information.

The FortiGate unit will use the RADIUS server to authenticate SecurID users.

Go to User > RADIUS and select Create New.
In the Name field, enter a name for the RADIUS server.
In the Server Name/IP and Server Secret fields, enter the appropriate information about the RADIUS server you configured for use with SecureID.

You need to create a user group with the SecurID RADIUS server as its only member.

Go to User > User Group.
Select Create New.
In the Name field, enter a name for the group.
In the Available Users/Groups list, select the RADIUS server you configured for use with SecureID.
Select the right arrow button to move the selected server to the Members list.
Select OK.

You can use the SecureID user group in several FortiGate features that authenticate by user group:

Firewall policies - select the Authentication checkbox and add the SecurID user group to the Allowed list.
XAuth in dialup VPN - in the VPN Phase 1 configuration Advanced settings, in the XAuth section, select Enable as Server and choose the SecurID user group.
PPTP VPN - in the PPTP configuration, choose the SecurID user group.