Tuesday, March 7, 2017

Using jump cloud RADIUS for fortimail external authentication

Here's a blog started which will be a series of jumpcloud configurations  for the FTNT fortimail appliance. This 1st up is a HOWTO with RADIIUS

You can  authentication remote fortimail clients using  the Jumpcloud  Radius-as-a-Service cloud  hosted.

The   JumpCloud radius servers are located at the following ipv4 address.The are hosted in a google cloud instance



1st, you need to ensure the fortimail has a clear path for communication on udp/1812 for the 2 radius servers.

2nd, you will configure the jump cloud  for your radius-client ( the actual fortimail device )



3rd, we will  define  radius  end-users  using the "+" for adding new users. The interface is simple but very effective and you should have no problem defining the user details.











Next, we will set the fortimail  appliance for radius by defining a radius-profile and users  with authentication type set for radius vrs local.



you can have a mix of external authentication and local for various users and mail-domains




Here's the profile that we will use;




And the user-name with authentication options;








And then back in  jump cloud we will define the radius_client  cfg by defining the ipv4 address , and secret for each fortimail device.






And that's all you need for the authentication  of the  fortinet fortimail to a RADIUSaaS


The mail-client upon activation ,  will  get a email-notice and link for reset the password.






You might NOT be able to apply  dual RADIUS SERVER in you profile,  so if you set a internal LB-VIP , & stick both jumpcloud  nodes in a pool behind that vip you can have redundant  RADIUS servers for authenications



e.g ( inside VIP  with the jumpcloud nodes as pool members )














































( FGT_OS  SLB CFG  or any SLB )


config firewall vip
    edit "jumpcloud"
        set uuid 41bbc114-0053-51e7-f7a3-46fbfce6ac39
        set type server-load-balance
        set extip 1.1.1.1
        set extintf "lan"

        set extport 1812
        set server-type udp
            config realservers
                edit 1
                    set ip 104.154.91.253
                    set port 1812
                next
                edit 2
                    set ip 104.196.54.120
                    set port 1812
                next
            end
    next
end





Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 

        /  \

No comments:

Post a Comment