2-Factor Authentication

A FortiToken is a code generator that generates a unique code for authentication. When this feature is enabled, the user must enter this code in addition to the username and password. The FortiGate appliance then verifies the FortiToken code in combination with username and password. This form of authentication can be used, for example, to set up a VPN connection, for administration access or to use a WLAN portal. Other options for this type of authentication include sending an e-mail or an SMS to the user logging in. In this case, the codes contained therein must be entered in addition to the login.

Leverage existing Fortinet appliances

Every FortiGate appliance from FortiOS 4.3. onwards offers the option of 2-factor authentication. An external and often cost-intensive server as well as expensive tokens with annual licences can thus be omitted. The time-based FortiToken offers strong authentication for IPsec VPN, SSL VPN, WLAN Captive Portals and FortiGate Administrator Login. The token is constantly time-synchronised with the FortiGate.

FortiGuard Key Management

The FortiGuard Center provides secure and convenient key management. After registration of the token S/N at the FortiGate, the FortiGuard Security Center distributes the associated keys to the respective FortiGates via a cloud-based secure infrastructure. If an identity-based rule requires it, a FortiGate is thus able to verify the 6-digit token password against its own database.

Integration with FortiAuthenticator

In conjunction with FortiAuthenticator, the use of the FortiToken can be very easily extended to more complex FortiGate environments as well as to 3rd party systems.

Standards and AAA Server Compatibility

The FortiToken is compatible with traditional local and remote access servers including Active Directory, LDAP and RADIUS. The FortiGate thus simultaneously manages both back-end communication with these servers and 2-factor authentication with the user. In combination with a FortiGate, the FortiToken complies with the OATH standard.

Resistant design

The FortiToken comes in a tamper-resistant case and the change-resistant internal memory prevents tampering with the dynamic password generator.

FortiToken Highlights

  • Low acquisition costs
  • Lifetime licence
  • Scalable
  • Use of existing FortiGate systems as authentication server
  • Simplified management through central token management in FortiGuard
  • Integration with FortiClient
  • Robust housing
  • Tamper-proof