Manuals / Fortinet / Computer Equipment / Network Card

Fortinet v3.0 MR7 manual TACACS+ servers, Ascii

Models: v3.0 MR7

1 66
Download 66 pages 4.08 Kb
Page 25
Image 25

 

 

Authentication servers

TACACS+ servers

TACACS+ servers

In recent years, remote network access has shifted from terminal access to LAN access. Users are now connecting to their corporate network (using notebooks or home PCs) with computers that utilize complete network connections. Remote node technology allows users the same level of access to the corporate network resources as they would have if they were physically in the office. When users connect to their corporate network remotely, they do so through a remote access server. As remote access technology has evolved, the need for network access security has become increasingly important.

Terminal Access Controller Access-Control System (TACACS+) is a remote authentication protocol that provides access control for routers, network access servers, and other networked computing devices via one or more centralized servers. TACACS+ allows a client to accept a username and password and send a query to a TACACS+ authentication server. The server host determines whether to accept or deny the request and sends a response back that allows or denies network access to the user. The default TCP port for a TACACS+ server is 49. You can only change the default port of the TACACS+ server using the CLI.

There are several different authentication protocols that TACACS+ can use during the authentication process:

ASCII

Machine-independent technique that uses representations of English characters. Requires user to type a user name and password that are sent in clear text (unencrypted) and matched with an entry in the user database stored in ASCII format.

PAP (password authentication protocol)

Used to authenticate PPP connections. Transmits passwords and other user information in clear text.

CHAP (challenge-handshake authentication protocol)

Provides the same functionality as PAP, but is more secure as it does not send the password and other user information over the network to the security server.

MS-CHAP (Microsoft challenge-handshake authentication protocol v1) Microsoft-specific version of CHAP.

The default protocol configuration, Auto, uses PAP, MS-CHAP, and CHAP, in that order.

Configuring the FortiGate unit to use a TACACS+ authentication server

The maximum number of remote TACACS+ servers that can be configured for authentication is 10.

To configure the FortiGate unit for TACACS+ authentication - web-based manager

1Go to User > Remote > TACACS+ and select Create New.

2Enter the following information, and select OK.

FortiOS v3.0 MR7 User Authentication User Guide

 

01-30007-0347-20080828

25

Page 24 Page 26
Page 25
Image 25
Fortinet v3.0 MR7 manual TACACS+ servers, Ascii
Page 24 Page 26