Sections

Personal tools

You are here: Home → Documentation & Support → How Tos → How to add WiKID two-factor authentication to a Fortinet VPN

Navigation

Key Links: > Buy WiKID Online
> Test the Client
> Test the Server
> Read the WiKID Blog
> Chat with us on #wikid
> Contact Us

What people are saying

Feeds and Bookmarks: Digg this!; Del.ico.us; Google; Yahoo bookmarks; Reddit; Spurl; Simpy

Contact Us: WiKID Systems, Inc.
1375 Peachtree St.
Suite 600
Atlanta, Ga. 30309
866-244-1876
irc.freenode.net: #wikid

How to add WiKID two-factor authentication to a Fortinet VPN

This document describes how-to combine two-factor authentication from WiKID with Fortinet's award-winning remote access VPNs.

We assume that you have already installed Fortinet VPN-1/Fortigate. This document provides information on how to enable the Radius interface on Fortigate to accept one-time passwords from the WiKID Strong Authentication System.

Start by adding a Radius server on the Fortigate:

Go to User > RADIUS and select Create New.
In the Name field, enter a name for the WiKID server.
In the Server Name/IP and Server Secret fields, enter the appropriate information for the WiKID server and choose a shared secret.

Configure users for two-factor authentication:

Go to User > User Group.
Select Create New.
In the Name field, enter a name for the group. These will be the users that will require two-factor authentication for VPN access
In the Available Users/Groups list, select the WiKID server you configured above.
Select the right arrow button to move the selected server to the Members list.
Select OK.

On the WiKID Server, be sure to enable Radius:

Click on the 'Configuration' tab in the WiKIDAdmin web interface.
Click on 'Enable Protocols'
If Radius is not Enabled, click on it.
You should be able to leave the settings as is and click 'Initialize'.

Next we add a specific network client for the Fortigate firewall/vpn:

Click on the 'Network Client' Tab
Click on 'Create New Network' Client
Create a name such as "Fortigate Two-factor VPN"
Choose a WiKID domain to the network client
Select 'Radius' as the protocol
Click 'Add'
On the next page, enter the Shared Secret created above. Leave the Return Attributes empty (unless you know what you're doing)
Click 'Add NC'
From a terminal window, stop and start the WiKID Strong Authentication Server. This will open up the firewall port to the new network client.

That is it. Now you should have properly configured two-factor authentication for your Fortigate VPN and Firewall. You should now be able to generate an one-time password from a Windows, Java, Blackberry, J2ME or Palm tokens and get access to your VPN.

Start using WiKID today

Recent Changes: Download Two-Factor Authentication Information & White Papers Jan 05, 2009; How to configure Apache to use Radius for Two-factor Authentication on Ubuntu Dec 31, 2008; Using FreeNX to secure Terminal Services and VNC with two-factor authentication Dec 30, 2008; Re:TACACS+ - The good and the bad Dec 26, 2008; Re:TACACS+ - The good and the bad Dec 25, 2008; All recent changes…

Got Questions? Get Answers.