Fortinet white logo
Fortinet white logo

Administration Guide

Adding FortiAuthenticator to your network

Adding FortiAuthenticator to your network

Before setting up FortiAuthenticator, there are some requirements for your network:

  • You must have security policies that allow traffic between the client network and the subnet of the FortiAuthenticator.
  • You must ensure that the following ports are open in the security policies between the FortiAuthenticator and authentication clients, in addition to management protocols such as HTTP, HTTPS, telnet, SSH, ping, and other protocols you may choose to allow:
    • UDP/161 (SNMP)
    • UDP/1812 (RADIUS Auth)
    • UDP/1813 (RADIUS Accounting)
    • UDP/8002 (DC/TS Agent FSSO)

    • TCP/389 (LDAP)
    • TCP/636 (LDAPS)
    • TCP/8000 (FortiGate FSSO)
    • TCP/2560 (OCSP)
    • TCP/8001 (FortiClient Single Sign-On Mobility Agent FSSO)
    • TCP/8002 (TS Agent FSSO)
    • TCP/8003 (Hierarchical FSSO)
To setup FortiAuthenticator on your network:
  1. Log in to the GUI with the username admin and no password.
  2. Go to System > Network > DNS. Enter your internal network primary and secondary name server IP addresses. This is essential for successful FSSO operation. See DNS for more information.
  3. Go to System > Network > Static Routing and create a default route (IP/Mask 0.0.0.0/0) to your network gateway on the interface that connects to the gateway. See Static routing for more information.
  4. Go to System > Dashboard > Status.
  5. In the System Information widget select Change in the System Time field, and select your Time zone from the list.
  6. Either enable the NTP or manually enter the date and time. See Configuring the system date, time, and time zone for more information.

    Enter a new time and date by either typing it manually, selecting Today or Now, or select the calendar or clock icons.

    If you plan to use FortiToken devices, Fortinet strongly recommends using NTP. FortiToken Time based authentication tokens are dependent on an accurate system clock.
  7. Select OK.
  8. If the FortiAuthenticator is connected to additional subnets, configure additional FortiAuthenticator interfaces as required. See Network for more information.

Adding FortiAuthenticator to your network

Adding FortiAuthenticator to your network

Before setting up FortiAuthenticator, there are some requirements for your network:

  • You must have security policies that allow traffic between the client network and the subnet of the FortiAuthenticator.
  • You must ensure that the following ports are open in the security policies between the FortiAuthenticator and authentication clients, in addition to management protocols such as HTTP, HTTPS, telnet, SSH, ping, and other protocols you may choose to allow:
    • UDP/161 (SNMP)
    • UDP/1812 (RADIUS Auth)
    • UDP/1813 (RADIUS Accounting)
    • UDP/8002 (DC/TS Agent FSSO)

    • TCP/389 (LDAP)
    • TCP/636 (LDAPS)
    • TCP/8000 (FortiGate FSSO)
    • TCP/2560 (OCSP)
    • TCP/8001 (FortiClient Single Sign-On Mobility Agent FSSO)
    • TCP/8002 (TS Agent FSSO)
    • TCP/8003 (Hierarchical FSSO)
To setup FortiAuthenticator on your network:
  1. Log in to the GUI with the username admin and no password.
  2. Go to System > Network > DNS. Enter your internal network primary and secondary name server IP addresses. This is essential for successful FSSO operation. See DNS for more information.
  3. Go to System > Network > Static Routing and create a default route (IP/Mask 0.0.0.0/0) to your network gateway on the interface that connects to the gateway. See Static routing for more information.
  4. Go to System > Dashboard > Status.
  5. In the System Information widget select Change in the System Time field, and select your Time zone from the list.
  6. Either enable the NTP or manually enter the date and time. See Configuring the system date, time, and time zone for more information.

    Enter a new time and date by either typing it manually, selecting Today or Now, or select the calendar or clock icons.

    If you plan to use FortiToken devices, Fortinet strongly recommends using NTP. FortiToken Time based authentication tokens are dependent on an accurate system clock.
  7. Select OK.
  8. If the FortiAuthenticator is connected to additional subnets, configure additional FortiAuthenticator interfaces as required. See Network for more information.