Certificate authority

LDAP server

MAC authentication bypass

RADIUS server

Fortiauthenticator must have the REST API access enable on port1

One of the DNS servers must be a Fortiguard DNS server

Fortigate must be setup as default gateway for FortiAuthenticator

Policies must have specific ports open between Fortiauthenticator and the authentication clients

Online activation of the tokens through the fortiguard network

Shipment of the seed files on a CD using a tamper-evident envelope

Using the in-house token provisioning toll

Automatic token generation using Fortiauthenticator

Configuring a portal policy

Configuring at least on post-login service

Configuring a RADIUS client

Configuring an external authentication portal

Revoked certificates cannot be reinstated for any reason

All certificates signed by a revoked CA certificate are automatically revoked

Revoked certificates are automatically added to the CRL

External CAs will periodically query Fortiauthenticator and automatically download revoked certificates

Forticlient SSO Mobility Agent

SSH Sessions

FortiAuthenticator in SAML SP role

Fortigate

RADIUS accounting

Guest portal policies apply only to authentication request coming from unknown RADIUS clients

Guest portal policies can be used only fo BYODs

Conditions in the policy apply only to guest wireless users

All conditions in the policy must match before a user is presented with the guest portal