What are three methods of firewall authentication?
- Local password
- Server-based password
- Two-factor
Where are local accounts stored?
Locally on FortiGate
What is a way to configure server-based password authentication?
- Create a user account locally, specify authentication server
- Add the authentication server to a user group
Where can you configure POP3?
CLI
What is the benefit of creating user accounts on FortiGate for server-based authentication?
Can configure MFA
What is LDAP?
An application protocol for accessing and maintaining distributed directory information services
What is RADIUS?
A standard protocol that provides AAA services
What must be done on the RADIUS server to allow functionality with FortiGate?
FortiGate must be listed as a client on the RADIUS server
What are some methods of OTP delivery?
- FortiToken
- Email/SMS
- FortiToken mobile push
What needs to sync for FortiToken to work?
- Time
- Seed
How many soft token activates do you get for each FortiGate before you have to purchase more?
2
What are some ways to alter active authentication behavior?
- Enable authentication on every policy that could match the traffic
- Enable a captive portal on the ingress interface for traffic
- Enforce authentication on demand (CLI)
What happens with authentication if there is a fall-through policy in place?
Unauthenticated users are not prompted for authentication
What are the types of authentication timeout?
- Idle
- Hard
- New
What is the default authentication timeout behavior?
- Idle
- 5 minutes
What is hard authentication timeout?
Authentication expires after that amount of time, regardless of activity
Where do you monitor users authenticating through the firewall?
Dashboard > Assets & Identities > Firewall Users
A remote LDAP user is trying to authenticate with a username and password. How does FortiGate verify the login credentials?
FortiGate sends the user-entered credentials to the remote server for verification
How are RADIUS group memberships configured?
With vendor-specific attributes (VSAs)
