Caluori, Carlos and Capeder, Joshua (2024) Radius Server Implementation to existing SSL-VPN Solution. Other thesis, OST Ostschweizer Fachhochschule.
Full text not available from this repository.

Abstract
To enhance the SSL-VPN infrastructure at a large international company, this project implemented FortiAuthenticator as a centralized AAA server within the Fortinet Security Fabric. Key goals included integrating multi-factor authentication (MFA) with FortiToken, enabling user-based policies, and ensuring compatibility with FortiGate firewalls. Additionally, SAML authentication via FortiAuthenticator was explored as a cost-efficient and user-friendly alternative to FortiToken, aligning with modern security standards and operational needs.
The implementation of FortiAuthenticator successfully enhanced the SSL-VPN infrastructure, meeting key objectives of improved security, scalability, and user-based access control. The integration of multi-factor authentication (MFA) with FortiToken performed well. The SSL-VPN configuration was also tested with FortiAuthenticator as a SAML proxy for MFA, demonstrating that this approach worked effectively within the infrastructure as well.
The deployment of FortiAuthenticator in a high-availability (HA) cluster ensured redundancy and reliability. Additionally, the transition from IP-based to user-based policies improved flexibility and consistency in access control. Pilot implementations confirmed the system’s effectiveness, resolving minor configuration issues and establishing a scalable framework for broader deployment.
The project successfully modernized the company's SSL-VPN infrastructure by implementing FortiAuthenticator and transitioning to SAML authentication via Microsoft Entra ID. While the FortiToken-based OTP solution performed well, SAML was chosen for its equal security, better cost-efficiency, and improved user experience. The high-availability deployment and adoption of user-based policies ensured robust and flexible access control. With the pilot's success, the company is well-positioned for a global rollout, reinforcing its commitment to secure and efficient remote access.
Item Type: | Thesis (Other) |
---|---|
Subjects: | Metatags > INS (Institute for Networked Solutions) |
Divisions: | Bachelor of Science FHO in Informatik > Student Research Project |
Depositing User: | OST Deposit User |
Contributors: | Thesis advisor: Metzger, Laurent (email: UNSPECIFIED) |
Date Deposited: | 18 Feb 2025 12:29 |
Last Modified: | 18 Feb 2025 12:29 |
URI: | https://eprints.ost.ch/id/eprint/1274 |