Manage and Secure Remote Access to Fortinet Network Appliances


Work from anywhere is not limited to employees of small and medium-sized enterprises (SMEs). Many IT teams and Managed Service Providers (MSPs) operate in distributed teams, requiring secure access to network infrastructure and timely management of user lifecycles. However, these fundamental security controls are too often ignored when internal budgets, or asking a customer to spend more on remote access, fail to address potential security risks.

This article is the first in a series of tutorials that demonstrate how to use JumpCloud's capabilities to achieve better security at a lower cost with a centralized platform that includes everything needed to secure access to your appliance. It has the added benefit of providing single sign-on (SSO) beyond this scenario, providing identity and access management (IAM) for every service your organization may use, and eliminating password management everywhere.

Fortinet is the maker of some of the most popular next-generation firewalls (NGFWs), and its devices have interfaces for using its security products or configuring external vendors. The prerequisites for securing Fortinet NGFW access with JumpCloud services are:

  • JumpCloud RADIUS Services
  • JumpCloud MFA Services
    • An authenticator app that supports time-based one-time password (TOTP)
  • JumpCloud Cloud Directory Groups

Three pillars for better access control

JumpCloud enables a RADIUS challenge to embed TOTP tokens from JumpCloud Protect™ Multi-Factor Authentication (MFA). The password a user submits is changed to include a token each time the user logs in to the appliance. Users are managed from JumpCloud directory groups, which are tied to a RADIUS configuration specific to your NGFW. The directory requires that each user within this group be registered with MFA services to connect to any service JumpCloud connects them to, including your firewall device. A service account on the Fortinet device determines the level of administrator rights assigned.
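To make the "password that includes a token" idea concrete, the following added example (not code from JumpCloud, Fortinet or the original article) shows how an authentication backend can check such a combined credential: both factors must match, and a token is accepted only once. The `password,token` comma format, the function names and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # TOTP time step in seconds (RFC 6238 default)

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def split_credential(submitted: str, digits: int = 6):
    """Split on the LAST comma (assumed format) so passwords may contain commas."""
    password, sep, token = submitted.rpartition(",")
    if not sep or len(token) != digits or not (token.isascii() and token.isdigit()):
        return None
    return password, token

def verify(submitted, stored_hash, salt, secret, now, used_steps, window=1):
    """Accept only if password AND token match and the token's step is unused."""
    parts = split_credential(submitted)
    if parts is None:
        return False
    password, token = parts
    pw_ok = hmac.compare_digest(hash_password(password, salt), stored_hash)
    matched = None
    for drift in range(-window, window + 1):  # tolerate small clock skew
        at = now + drift * STEP
        if at >= 0 and hmac.compare_digest(totp(secret, at), token):
            matched = int(at) // STEP
    if not pw_ok or matched is None or matched in used_steps:
        return False
    used_steps.add(matched)  # one-time use: a captured credential cannot be replayed
    return True

# Constructed sample data: the RFC 6238 test secret and a made-up password.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
STORED = hash_password("S3cret,pw", SALT)

if __name__ == "__main__":
    used = set()
    print(verify("S3cret,pw,287082", STORED, SALT, SECRET, 59, used))  # first use
    print(verify("S3cret,pw,287082", STORED, SALT, SECRET, 59, used))  # replay
```

Tracking used time steps per user matters here because the combined credential travels as a single password field; without it, anyone who observes one login could reuse it for the rest of the acceptance window.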

Configuring JumpCloud RADIUS, MFA

Each JumpCloud account includes RADIUS services, which are configured using the following steps.

To configure RADIUS MFA for a new server:

  1. Log in to the JumpCloud admin portal:
  2. Navigate to User Authentication > RADIUS.
  3. Click (+). The New RADIUS Server panel appears.