FortiAuthenticator: User Authentication and Identity Management

FortiAuthenticator: User Authentication and Identity Management. © Copyright Fortinet Inc. All rights reserved.

FortiAuthenticator Overview: Answering your authentication challenges
Authentication and Authorization
  • RADIUS, LDAP, 802.1X, RADIUS Proxy
  • SSO Mobility Agent
  • Web based login widget
Two Factor Authentication
  • FortiToken, physical and mobile
  • Tokenless, via SMS and email
Certificate Management
  • X.509 Certificate Signing, Certificate Revocation
  • Remote Device / Unattended Authentication
Fortinet Single Sign on
  • Active Directory
  • Agent or agentless
  • Third party systems via RADIUS, Syslog and API Integration
[Diagram labels: FortiAP, FortiGate, FortiAuthenticator; Two-factor Auth, Wireless Auth, User Identity, FSSO]
www.brasiline.com.br

FortiAuthenticator Overview: Features & Benefits
  • Secure access to your organization's systems and data with identity based policy and two-factor authentication
      » Control access to your intellectual property
  • Enable secure remote and guest network access whilst retaining control over security
      » Allow business to flourish but not to the detriment of security
  • Reduce the operational burden of local and guest user management
      » Identify users and apply granular user policy
      » Integrate with existing user repositories (AD, LDAP)
      » User lifecycle management workflow
[Diagram labels: User Authentication and Identity Management; Two-factor Authentication, Wireless Authentication, User Identity]

FortiAuthenticator Use Cases: Two-factor Authentication
  • Enable strong password security across your network and application estate
      » Secure remote access to critical systems
  • Reduce operational overheads
      » Self-service password reset
      » Integration with existing LDAP and AD databases
      » Built in lost token workflow
      » Migration strategy from third-party vendor tokens
[Diagram labels: Username, Password, Token; FortiAuthenticator; LDAP / Active Directory; Protected Devices]

FortiAuthenticator Use Cases: Two-factor Authentication
  • Flexible range of token formats to suit all deployment requirements
      » OATH compatible TOTP (time) based tokens (FTK 200)
      » USB certificate tokens (FTK 300)
      » FortiToken Mobile for Android, iOS and Windows Mobile
      » SMS and Email tokens.
  • Supports any RADIUS capable device
      » Juniper, Cisco, F5, Array, Citrix etc
      » Microsoft Windows Domain Login and OWA
[Diagram: "Support for wide range of secure authentication methods"; labels: Physical, Mobile, Tokenless, Certificate (BYOD), API]

FortiAuthenticator Use Cases: Two-factor Authentication
  • FortiToken Mobile: Supports Android, iOS and Windows Mobile
      » 6 or 8 digit passcode, 30 or 60 s refresh
      » Free install, supports other TOTP & HOTP OATH tokens e.g. Google, Dropbox, Amazon
      » QR Code Provisioning support
      » PIN protection enforced from FAC
  • Perpetual license
      » Can be reissued if device is lost
      » Can be reissued if user leaves the organization

FortiAuthenticator Use Cases: Wireless Authentication
  • Centralized WiFi Authentication
  • Authenticate users (PEAP, EAP-TTLS) and machines.
  • Certificate based device authorization (EAP-TLS) for BYOD environments
  • In open guest or visitor networks, FortiAuthenticator can provide captive portal functions
[Diagram labels: FortiAP, FortiGate, FortiAuthenticator]

FortiAuthenticator Use Cases: Guest Management
  • User Self-registration
  • Collection of user details
  • Option to SMS login details (proof of identity)
  • Receptionist registration option
  • Time limited accounts
  • Delete expired accounts
  • Support multiple locations
  • Coming soon: Facebook, Google, LinkedIn, Twitter login
[Diagram labels: FortiAuthenticator, FortiAP, FortiGate]

FortiAuthenticator Use Cases: Fortinet Single Sign-On
  • Identify users and apply identity based security policy
      » FortiAuthenticator transparent user identification collects and embellishes user identity information
      » Allows FortiGate, FortiMail and FortiCache devices to apply appropriate policy based on user identity and role
      » Granular control of network and application access
[Diagram: "Define who can access what and when"; labels: Staff, Guest, Admin, Corporate Resources, Guest Access]

FortiAuthenticator Use Cases: Fortinet Single Sign-On
  • Transparent User Identity
[Diagram labels: Active Directory Polling; Kerberos with NTLM Fallback; TS and AD Collector Agents; AD & Windows; FortiClient SSO Mobility Agent; Login Portal & Widgets; REST API; Syslog; RADIUS Accounting Records; Generic Sources; FortiAuthenticator; FortiGate]

FortiAuthenticator Use Cases: Certificate Authority
  • Simplifies the task of certificate management
  • Issue certificates for multiple uses:
      » VPN Authentication
      » Wireless 802.1X (PEAP, EAP)
      » Windows Desktop Authentication
      » Compatible with FTK 300 USB PKI Certificate Store
[Diagram label: REVOKED]

FortiAuthenticator Use Cases: Certificate Based VPN
  • Strengthen and simplify VPN security
      » Certificate based VPN enhances traditional pre shared keys with second factor
      » Revoke certificates if device is lost (OCSP)
      » Zero touch certificate distribution (SCEP)
      » Integration with FortiManager to simplify deployment

FortiAuthenticator Use Cases: RADIUS Accounting Proxy
  • Integrates Carrier/ISP networks with Fortinet RADIUS Single Sign-on
      » Minimises changes needed to critical business systems
      » Takes the additional load by duplicating RADIUS Packets
  • RSSO used to apply Identity Policy for FortiGate, FortiMail and FortiCache
[Diagram labels: Carrier / ISP RADIUS Server; RADIUS Accounting]

FortiAuthenticator Use Cases: High Availability and Scalability
  • Active-Passive High Availability
      » Local sync with failover
      » Supports all features
  • Active-Active Config Sync
  • Geographic distribution
  • Load balance across devices (scalability)
  • Supports authentication feature sync (not FSSO)
  • Can be combined with Active Passive HA (A-P Master, standalone slaves)

Case Studies

Case Study: Medium Enterprise Identity Management
Organization and Challenge
  • Online retail organization with mobile workforce and widespread BYOD adoption.
  • Incumbent Cisco wireless network; customer thought Cisco was the only option for gateway Identity Policy
Who We Beat
  • Cisco tried to claim that the only way to perform Identity Based Firewalling was using their own ISE and ASA. FortiAuthenticator proved this wrong and has kept Fortinet in the running for the WiFi refresh
Why We Won
  • Ability to consume user identity from Cisco wireless network (via RADIUS Accounting)
  • Fully inclusive guest management and registration features
What They Bought
  • 2 x FortiAuthenticator 200D (HA)
  • 2 x FortiGate 600C (HA)
  • Still in the game for WiFi refresh
[Diagram labels: Remote Workers, Guests, WAN, FortiGate, FortiAuthenticator, Multiple user groups / domains]

Case Study: Local Government Identity Management
Organization and Challenge
  • Regional govt. requiring transparent identity aware firewalling
  • 5,000 users with granular permissions across 3 domain controllers, 2 domains
Who We Beat
  • Juniper, CheckPoint, SonicWall
Why We Won
  • Multiple identity detection methods
  • AD Polling combined with RADIUS (VPN) and guest portal
  • Fully inclusive guest management and registration features
What They Bought
  • 2 x FortiAuthenticator 1000D (HA)
  • 2 x FortiGate 1000D (HA)
[Diagram: "FAC gathers user identity and forwards to FGT"; labels: Remote Workers, Guests, WAN, FortiGate, FortiAuthenticator, Multiple user groups / domains]

Case Study: Enterprise Identity Management
Organization and Challenge
  • Multinational enterprise with 3 Datacenters, 90 branches and 17,000 users throughout the world.
  • Mobile workforce means users could be on any site.
Who We Beat
  • PaloAlto, Juniper
Why We Won
  • Performance and scalability of user identity detection
  • Selective distribution of login events to local site and core ……
What They Bought
  • 3 x FortiAuthenticator 3000D
  • 9 x FortiGate 3600C
  • 90 x FortiGate 110C
[Diagram: "FAC gathers user identity and selectively forwards identity to relevant FGT"; labels: 3 Datacenters, FortiGate Clusters, WAN, FortiAuthenticator, Active Directory, 90 Remote Sites]

Case Study: Enterprise Two-Factor Auth
Organization and Challenge
  • Enterprise organization requiring secure multi-factor authorization for heterogeneous range of devices
  • Integration with existing LDAP/AD infrastructure
Who We Beat
  • RSA, Safenet
Why We Won
  • Secure provisioning strategy (CD)
  • Physical and Soft token support
  • Support for wide range of client devices and Windows Desktop login
What They Bought
  • 2 x FortiAuthenticator 400C
  • 100 x FortiToken 200
  • 500 x FortiToken Mobile
[Diagram labels: Multiple Datacenters, FortiAuthenticator, Internet, Home Workers, Network Operations Center]

FortiAuthenticator Ordering Information
FortiAuthenticator 200D: Small / Mid Enterprise Deployments
  • Support up to 500 users
  • HDD – 1 x 1 TB
  • 4 x 10/1000
  • Rack Mountable, 1U
  • Single AC PSU
FortiAuthenticator 400C: Mid Enterprise Deployments
  • Support up to 2,000 users
  • HDD – 1 x 1 TB
  • 4 x 10/1000
  • Rack Mountable, 1U
  • Single AC PSU
FortiAuthenticator 1000D: Large Enterprise/Service Provider Deployments
  • Support up to 10,000 users
  • HDD – 2 x 2 TB
  • 4 x 10/1000
  • 2 x SFP
  • Rack Mountable, 2U
  • Dual AC PSU
FortiAuthenticator 3000D: Large Enterprise/Service Provider Deployments
  • Support up to 40,000 users
  • HDD – 2 x 2 TB
  • 4 x 10/1000
  • 2 x SFP
  • Rack Mountable, 2U
  • Dual AC PSU
FortiAuthenticator VM: All Sized Deployments from SME to Service Provider Deployments
  • From 100 to 1M+ users
  • Unlimited CPU
  • Unlimited RAM
**Fully Stackable User Licensing**

Competitive

FortiAuthenticator vs FortiGate Feature Comparison Area Feature FortiGate Auth Two-factor Auth w. FortiToken � � Auth Multiple FortiGate per token � � Auth Support third party vendors � � Auth User password reset � � Auth User self registration � � Auth Support multiple realms � � FSSO AD Polling � � FSSO DC & TS Agent � � FSSO Kerberos � � FSSO RADIUS Accounting FSSO Syslog ✗ (FSSO) � (RSSO) � FortiAuthenticator � (Both) �

Competitive Landscape
[Diagram labels: Two-factor Auth, Wireless Auth, User Identity, FortiAuthenticator]

Feature Comparison – User Identity Feature FortiAuth PaloAlto User-ID Cisco Identity Services Engine Juniper Pulse UAC * Checkpoint Identity Awareness Blade Identity DC Polling � � � Microsoft Windows Environments DC Agent � � � Terminal Services Agent � � � Kerberos � � � Microsoft Exchange � � � Identity Endpoint Agent � � � Non-Microsoft Windows Environments Captive Portal � � � Embeddable Widgets � � � SYSLOG � � � Open API � � � RADIUS Accounting � � � LDAP/AD � � � Local override � � � Authorization * Note that the Pulse Product line is now owned and supported by Pulse Secure � (IF-MAP) �

Feature Comparison – Two Factor Auth Feature Type Feature Deployment Appliance � � � Software � � � Virtual Machine � � � Cloud � � Tokens Agents FortiAuth User Self Service RSA Physical Token ✓ (Time) � (Event) ✓ (USB Cert) ✓ (Time) ✓ (Event) ✓ (USB Cert) ✓ (Time) Mobile Token ✓ ✓ ✓ Desktop Token � (Mac) � (Win) ✓ (Mac) ✓ (Win) Tokenless ✓ SMS ✓ Email ✓ GrIDsure ✓ SMS ✓ Email (iOS) (Android) (WinMo) (BB) Windows Domain 2FA � � � Outlook Web Access 2FA � � � Sharepoint Integration Safenet Roadmap Auth Methods ✓ RADIUS ✓ LDAP � SAML ✓ API ✓ RADIUS � LDAP ✓ SAML ✓ API External User repositories ✓ ✓ ✓ AD ✓ LDAP � RADIUS ✓ MSSQL Local AD LDAP RADIUS � ✓ AD ✓ LDAP (Oracle only) � Vasco