You can authenticate remote FortiMail clients using JumpCloud's cloud-hosted RADIUS-as-a-Service.
The JumpCloud RADIUS servers are located at the following IPv4 addresses. They are hosted in a Google Cloud instance.
1st, you need to ensure the FortiMail has a clear path for communication on udp/1812 to the 2 RADIUS servers.
2nd, you will configure JumpCloud for your RADIUS client (the actual FortiMail device).
3rd, we will define RADIUS end-users using the "+" for adding new users. The interface is simple but very effective, and you should have no problem defining the user details.
You can have a mix of external and local authentication for various users and mail domains.
Here's the profile that we will use:
And the user name with authentication options:
And then back in JumpCloud we will define the RADIUS client config by defining the IPv4 address and secret for each FortiMail device.
And that's all you need for authenticating the Fortinet FortiMail against a RADIUSaaS.
Upon activation, the mail client will get an email notice and a link for resetting the password.
You might NOT be able to apply dual RADIUS servers in your profile, so if you set up an internal LB-VIP and stick both JumpCloud nodes in a pool behind that VIP, you can have redundant RADIUS servers for authentication.
e.g ( inside VIP with the jumpcloud nodes as pool members )
( FGT_OS SLB CFG or any SLB )
config firewall vip
    edit "jumpcloud"
        set uuid 41bbc114-0053-51e7-f7a3-46fbfce6ac39
        set type server-load-balance
        set extip 1.1.1.1
        set extintf "lan"
        set extport 1812
        set server-type udp
        config realservers
            edit 1
                set ip 104.154.91.253
                set port 1812
            next
            edit 2
                set ip 104.196.54.120
                set port 1812
            next
        end
    next
end
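To check the udp/1812 path and the shared secret against each RADIUS node, or against the VIP, before relying on it for mail logins, here is an added example (not from the original post) that sends one RFC 2865 PAP Access-Request and verifies the Response Authenticator. It assumes the RADIUS service accepts PAP and that the probe runs from a source address registered as a RADIUS client; the function names and the `fortimail-probe` NAS-Identifier are made up for illustration.

```python
import hashlib, hmac, os, socket, struct

def attr(code: int, value: bytes) -> bytes:
    return struct.pack("!BB", code, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, req_auth):
    # Message-Authenticator (80) goes first, zeroed, then is filled with HMAC-MD5.
    attrs = (attr(80, bytes(16)) + attr(1, user)
             + attr(2, hide_password(password, secret, req_auth))
             + attr(32, b"fortimail-probe"))  # NAS-Identifier: assumed label
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:22] + mac + pkt[38:]

def check_response(reply, ident, req_auth, secret):
    """Return the reply code (2 accept, 3 reject) if it authenticates, else None."""
    if len(reply) < 20:
        return None
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or not 20 <= length <= len(reply):
        return None
    want = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return code if hmac.compare_digest(want, reply[4:20]) else None

def probe(server, user, password, secret, timeout=3.0):
    """One Access-Request to udp/1812; None means no valid reply (path or secret)."""
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_access_request(user, password, secret, ident, req_auth),
                 (server, 1812))
        try:
            reply = s.recv(4096)
        except socket.timeout:
            return None
    return check_response(reply, ident, req_auth, secret)

if __name__ == "__main__":
    import sys, getpass  # usage: probe.py SERVER_OR_VIP USERNAME
    pw, sec = getpass.getpass("Password: "), getpass.getpass("Shared secret: ")
    print(probe(sys.argv[1], sys.argv[2].encode(), pw.encode(), sec.encode()))
```

A result of 2 or 3 means the path and shared secret are good (3 is a credential reject); None means a timeout or a reply that failed authentication.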
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \