Saturday, April 29, 2017

IronWiFi for FortiGate admin authentication

In this post we will look at RADIUS-aaS using IronWiFi.

https://www.ironwifi.com/

IronWiFi was designed around support for cloud-based WiFi authentication systems. It works great and is used by numerous guest and hotel-based WiFi solutions that need to authenticate users.

Here I will demo a straightforward configuration using an IronWiFi RADIUS server for a FortiGate user.

On IronWiFi you will need a portal account in order to select a RADIUS server region and create the RADIUS users. They offer demo access and pricing options that will meet most orgs' needs.

They will provide a specific RADIUS server port for the auth/acct functions, which are not the well-known RADIUS service ports UDP 1812/1813. The pricing model of IronWiFi makes it economical if you need to support an array of APs and numerous users. We are going to use it for a FortiGate firewall and for a locally defined system admin user, in this case kfelix.

Here's the cfg on the FortiGate; it's identical to any other RADIUS user cfg, btw.


You will need the IronWiFi RADIUS_SERVER DETAILS to complete the FortiGate configuration.
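A FortiOS CLI sketch of the kind of configuration described above, added here as an example and not the author's own cfg. The server address, port and secret are placeholders to be filled from the IronWiFi portal; the object names `IronWiFi-RADIUS` and `RADIUS-ADMINS`, the `super_admin` profile and the CHAP auth type are assumptions.

```fortios
# Added example, not from the original post.
# <...> values are placeholders: take them from the IronWiFi RADIUS server details.

# 1. Define the RADIUS server. IronWiFi assigns its own auth port,
#    so the default of 1812 has to be overridden.
config user radius
    edit "IronWiFi-RADIUS"
        set server "<ironwifi-radius-server-ip>"
        set radius-port <ironwifi-auth-port>
        set secret <ironwifi-shared-secret>
        set auth-type chap
    next
end

# 2. Put the RADIUS server in a user group (group name is an assumption).
config user group
    edit "RADIUS-ADMINS"
        set member "IronWiFi-RADIUS"
    next
end

# 3. Point the locally defined admin at the remote group.
#    The access profile shown is an assumption; use the least-privileged
#    profile that fits the admin's role.
config system admin
    edit "kfelix"
        set remote-auth enable
        set accprofile "super_admin"
        set remote-group "RADIUS-ADMINS"
    next
end

# 4. Verify from the FortiGate before logging out of the current session.
diagnose test authserver radius IronWiFi-RADIUS chap kfelix <password>
```

Restricting the admin's `trusthost` entries and checking that the IronWiFi RadiusClient entry matches the FortiGate's public source address are sensible follow-up checks, since the RADIUS traffic here crosses the internet.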






Once you have an account set up, the cfg is simple for the IronWiFi items.





You can uncover the secret.







RadiusClient




User account creation





You have a simple dashboard, and it provides very good details for the average administrator on what's happening (when/what/who/etc.).





You have a host of pre-defined reports that can be executed to display access-accepts or rejects. These logs can be downloaded in a text format, which will meet most audit-trail needs.



The mere fact that you can download logs is a big plus imho, and these logs are simple to follow.










The advantages of IronWiFi over JumpCloud RADIUS-aaS are listed here, along with a typical deployment design.






Both are geared as RADIUS-aaS services, but they are different in many ways. IronWiFi and JumpCloud are reliable and good solutions.

AFAIK, IronWiFi does not have LDAP-aaS; another contender in this market is Foxpass.



IronWiFi supports CHAP and MS-CHAP, so you're 100% secure from prying eyes from an internet standpoint.




Ken Felix




NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 
        /  \


