Firewall Authentication Flashcards
What are three methods of firewall authentication?
- Local password
- Server-based password
- Two-factor
Where are local accounts stored?
Locally on FortiGate
What is a way to configure server-based password authentication?
- Create a user account locally, specify authentication server
- Add the authentication server to a user group
Where can you configure POP3?
CLI
What is the benefit of creating user accounts on FortiGate for server-based authentication?
Can configure MFA
What is LDAP?
An application protocol for accessing and maintaining distributed directory information services
What is RADIUS?
A standard protocol that provides AAA services
What must be done on the RADIUS server to allow functionality with FortiGate?
FortiGate must be listed as a client on the RADIUS server
What are some methods of OTP delivery?
- FortiToken
- Email/SMS
- FortiToken mobile push
What needs to sync for FortiToken to work?
- Time
- Seed
How many soft token activations do you get for each FortiGate before you have to purchase more?
2
What are some ways to alter active authentication behavior?
- Enable authentication on every policy that could match the traffic
- Enable a captive portal on the ingress interface for traffic
- Enforce authentication on demand (CLI)
What happens with authentication if there is a fall-through policy in place?
Unauthenticated users are not prompted for authentication
What are the types of authentication timeout?
- Idle
- Hard
- New
What is the default authentication timeout behavior?
- Idle
- 5 minutes