0 introduction, 1 scope of document, 2 prerequisites – HID ActivID AAA OOB & SSL User Manual

4TRESS AAA Out-of-Band Authentication (SMS) and SSL VPN Fortinet | Integration Handbook

External Release | © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.

Page | 3

1.0

Introduction

FortiGate® appliances provide enterprise-class protection against network, content, and application-level threats
for any deployment, from small offices to large enterprises, service providers, and carriers. Providing secure
access via a VPN over existing Internet connections requires strong, two-factor authentication to protect
resources. The HID Global Identity Assurance™ solutions that work with FortiGate appliances incorporate SSL
VPN solutions with versatile, strong authentication that is flexible, scalable, and simple to manage. There are two
solutions:

• 4TRESS AAA Server for Remote Access—Addresses the security risks associated with a mobile workforce

remotely accessing systems and data.

• 4TRESS Authentication Server (AS)—Offers support for multiple authentication methods that are useful for

diverse audiences across a variety of service channels (SAML, RADIUS, etc.), including user name and
password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.

1.1

Scope of Document

This document explains how to set up 4TRESS AAA Web token authentication with FortiGate solutions. Use this
handbook to enable out-of-band authentication when using an SSL-protected FortiGate VPN.

1.2

Prerequisites

• The 4TRESS AAA Server is up-to-date (v6.7) with LDAP users and groups already configured.

• FortiGate version greater than 4.0,build 0513,120130 (MR3 Patch 5) installed and configured.

• The Web soft token is configured to work with a PIN.

• User phone numbers are declared in a functioning LDAP server.