Fortinet - FortiGate and FortiToken for a secure corporate network in the home office
Many network administrators are currently facing new challenges due to the Corona pandemic. Many employees are expected to work from home. Nevertheless, the connection to the company network should be secure. The problem is that employees often use their own computers for home office tasks, computers over which the administrators have no control.
To ensure a secure connection, a VPN connection is the first choice. In this case, a firewall provides the VPN gateway. You can choose whether to establish the VPN connection via a client on the computer or to use an "on-the-fly" solution. FortiGate firewalls also offer a function with which a VPN tunnel can be created via a browser window. This means that any Internet-capable computer with a modern browser can be used. It is then not necessary to install client software and configure the connection. This relieves administrators, and employees can access company data quickly and conveniently.
But what happens if the access data is stolen? Then the company network would be open to any attacker. This is a risk that should not be ignored under any circumstances.
This is where multi-factor authentication comes in, for example via a code generator such as the FortiToken.
The FortiToken is available both as hardware and as an app for smartphones.
The concept is simple and effective. You authenticate with something you know, the credentials, and something you have, the code generated by the token.
The FortiToken generates a multi-digit code every 30 seconds based on an algorithm. The same algorithm runs in sync on the other side. Access is only granted if both the access data and the token code match.
The good thing is that if one of the two factors is compromised, access is still secure.
Two examples:
- There is spyware on the home office computer that spies on the access data. But since the token code is generated on a separate, independent device, the spyware has no access to it. The attacker cannot then connect to the company network to spy on or attack it.
- A bag containing a laptop and the token is stolen from a field employee. But since the thief does not know the access data, the token cannot be used to penetrate the company network.
Only if someone has both is a connection possible.
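How such a time-based code and the two-factor check fit together, as an added example that is not from the original article and is not Fortinet's code: it assumes the open RFC 6238 TOTP algorithm, and the seed, salt, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid, as described in the article

# Constructed sample data (assumptions, not real credentials)
SEED = b"12345678901234567890"   # shared secret in token and gateway (RFC 6238 test seed)
SALT = b"constructed-salt"
PASSWORD = "correct horse"

def totp(seed: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the 30 s time counter, then RFC 4226 truncation."""
    counter = int(max(now, 0)) // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user() -> dict:
    """Gateway-side record: password hash, token seed, last accepted time counter."""
    return {"salt": SALT, "pw_hash": hash_password(PASSWORD, SALT),
            "seed": SEED, "last_counter": -1}

def gateway_login(user: dict, password: str, code: str, now: float, drift: int = 1) -> bool:
    """Grant access only if both factors match; allow +/- drift steps of clock skew."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    matched = None
    for step in range(-drift, drift + 1):
        t = max(now + step * STEP, 0)
        if hmac.compare_digest(totp(user["seed"], t).encode(), code.encode()):
            matched = int(t) // STEP
    if not pw_ok or matched is None or matched <= user["last_counter"]:
        return False
    user["last_counter"] = matched  # each code is accepted once, never replayed
    return True

if __name__ == "__main__":
    user, now = make_user(), 1111111109           # constructed point in time
    code = totp(SEED, now)                        # what the token displays
    print(gateway_login(user, "guess", code, now))          # token only
    print(gateway_login(user, PASSWORD, "abcdef", now))     # password only
    print(gateway_login(user, PASSWORD, code, now + 20))    # both factors
    print(gateway_login(user, PASSWORD, code, now + 20))    # same code again
```

The last two calls show why the gateway remembers the last accepted time counter: a code that was valid once is rejected when it is presented a second time inside the same window.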
Alternatively, if the employee uses devices provided by the company, a small FortiGate firewall could be used. It would set up a VPN tunnel to the central company firewall, through which the devices, for example Voice-over-IP telephones, could then be used as usual. This way, the employee can also be reached at home via the normal extension number. This offers the additional advantage that only devices authorised by the employer are used. As an administrator, one still has control over which devices are in the network and how they are secured. In addition, the devices would be separated from the rest of the home network.
If you are interested in using FortiToken or FortiGate firewalls for home office installation, we offer a customised home office bundle specifically for FortiGate firewalls. With the purchase of a firewall, in addition to a licence with manufacturer support for one year, we also offer pre-configuration of the FortiGate. The device then only needs to be sent to the end user. After installation, it can be used immediately.
If you still have questions or need support, please feel free to contact us by phone, email or our contact form.