Fortinet FortiAuthenticator 1000C

Overview:

The FortiAuthenticator™ 1000C delivers centralized secure two-factor authentication for up to 10,000 users making the solution ideal for deployment within medium to large enterprise and for managed security service providers (MSSP).

The FortiAuthenticator-1000C user identity management appliance strengthens enterprise security by simplifying and centralizing the management and storage of user identity information used for authentication. Designed as a central repository for user validation information, the FortiAuthenticator platform enables multiple authentication technologies for controlling user access including two-factor authentication, identity verification and network access control. FortiAuthenticator is available in a range of hardware appliances and in a VM format with stackable user licensing delivering the greatest flexibility possible.

FortiAuthenticator-1000C Features & Benefits:

• Low cost per user with no user based licensing makes the FortiAuthenticator one of the most cost effective solutions in the market
• Standards-based secure authentication which works in conjunction with FortiTokens to deliver secure two-factor authentication to any third-party device capable of authentication via RADIUS or LDAP
• Hardened appliance that can be deployed in minutes to secure access to your network infrastructure
• Integrates with existing solutions such as LDAP or AD servers to lower the cost and complexity of adding strong authentication to your network
• User self-service password reset lowers your costs by allowing your users to reset their own password without administrator intervention
• Certificate Authority functionality simplifies your CA management and delivers user certificate signing, FortiGate VPN, or server x.509 certificates for use in certificate-based two-factor authentication
• Upgrade path from FortiGate/FortiToken allows you to maximize your existing investment and scale your two-factor deployment when needed.

Stronger Security with Two-factor Authentication

FortiAuthenticator extends two-factor authentication capability to multiple FortiGate appliances and to third party solutions that support RADIUS or LDAP authentication. User identity information from FortiAuthenticator combined with authentication information from FortiToken ensures that only authorized individuals are granted access to your organization's sensitive information. This additional layer of security greatly reduces the possibility of data leaks while helping companies meet audit requirements associated with government and business privacy regulations.

FortiAuthenticator supports the widest range of tokens possible to suit your user requirements. With the physical Fortitoken-200, e-mail and SMS tokens, FortiAuthenticator has a token options for all users. Two-factor authentication can be used to control access to applications such as FortiGate management, SSL and IPSEC VPN, Wireless Captive Portal login, third party networking equipment and web sites.

Simpler Management and User Experience

By providing all services and storage of user identity information on a single device, the FortiAuthenticator appliance significantly lowers the cost of delivering secure user authentication. The FortiAuthenticator system can be deployed in minutes rather than hours and has been designed to simplify all steps of the user authentication life cycle; from integration with existing authentication databases to zero impact token initialization. Users can recover their own credentials through a self-service portal by answering pre-agreed questions and providing a token PIN, further reducing administrative burden. The FortiAuthenticator also allows users to self register their details such as e-mail address, phone number, mobile number and security questions for password recovery. This enables FortiAuthenticator be used as a self-registration portal for wireless and guest networks or by a receptionist in a visitor environment.

IEEE802.1X Port Access Control

The FortiAuthenticator supports, EAP-MD5, EAP-TTLS, EAPTLS, EAP-GTC and PEAP protocols for authentication via 802.1X for Port Based Network Access Control. This can be used by third party switches and wireless to authenticates devices (and their users) before allowing them onto the corporate network. FortiAuthenticator also supports fallback to MAC based authentication for non-interactive devices such as printers.

FortiAuthenticator Certificate Authority

In addition to providing secure authentication via RADIUS enhanced with time based tokens, FortiAuthenticator supports certificate based two-factor authentication. Acting as a root or intermediary CA, FortiAuthenticator eases the typically painful process of signing, issuing and revoking client certificates for use in FortiGate VPN deployments with support for SCEP. When combined with FortiToken-300 for secure user certificate storage, FortiAuthenticator is the ideal strong authentication server solution, for all user and authentication types.

Fortinet Single Sign On (FSSO)

Fortinet Single Sign On (FSSO) improves the user experience by reducing the number of authentications. Transparent authentication can be provided in several ways:

• Polling of an Active Directory Domain Controller
• Integration with FortiClient Single Sign-On Mobility Agent which detects login/out and IP address changes
• Monitoring of Carrier RADIUS Accounting Start records
• FSSO Portal based authentication with tracking widgets to reduce the need for repeated authentications.

Once detected, details of the logged in user are communicated to the FortiGate, together with group membership details to be used in dynamic, Identity Based Policies.

Features & Benefits:

Benefits

• Strengthens enterprise security by simplifying and centralizing the management of user identity information
• Extends the scope of and enhances existing FortiToken deployments
• Increases confidence in user identity with Two-factor Authentication
• Supports a wide range of thirdparty solutions via RADIUS and LDAP integration
• Enables FortiGate identity-based policies through integration with Active Directory
• Provides users with transparent network authentication via Fortinet Single Sign-On
• Certificate Authority enables the signing, issuing and revoking of x.509 user certificates as a twofactor alternative

Management Options

• Local Web-Based Management Interface
• Command Line Management Interface (CLI)
• Centralized management and analysis by FortiManager and FortiAnalyzer

Technical Specifications:

Model:	FAC-200D	FAC-400C	FAC-1000C	FAC-3000B
Hardware
10/100/1000 Interfaces (Copper, RJ-45)	4	4	4	4
Local Storage	1 x 1 TB Hard Disk Drive	1 x 1 TB Hard Disk Drive	1 x 1 TB Hard Disk Drive	1 x 1 TB Hard Disk Drive
Power Supply	Single 480W Auto Ranging (100V~240V)			Dual 480W Auto Ranging (100V~240V)
System Performance
Local Users	500	2,000	10,000	20,000
Remote Users	500	2,000	10,000	20,000
FortiTokens	500	2,000	10,000	20,000
NAS Devices	50	200	1,000	2,000
User Groups	25	50	200	2,000
CA Certificates	2	10	50	250
User Certificates	500	2,000	10,000	200,000
Dimensions
Height	1.80 in (45 mm)	1.70 in (44 mm)	1.69 in (43 mm)	3.50 in (89 mm)
Width	17.1 in (433 mm)	17.10 in (435 mm)	17.09 in (434 mm)	17.5 in (445 mm)
Length	13.9 in (352 mm)	14.3 in (364 mm)	24.69 in (627 mm)	27.5 in (698 mm)
Weight	23 lb (10.43 kg)	23 lb (10.43 kg)	24.2 lb (11.0 kg)	55.3 lb (25.1 kg)
Environment
Form Factor	Rack Mountable (1RU)	Rack Mountable (1RU)	Rack Mountable (1RU)	Rack Mountable (2RU)
Power Source	100 - 240 VAC, 50-60 Hz	100 - 240 VAC, 50-60 Hz	100 - 240 VAC, 50-60 Hz	100 - 240 VAC, 50-60 Hz
Current (Max)	1.00A /110V, 0.50A /220V	4.00A /110V, 2.00A /220V	3.50A /110V, 1.75A /220V	9.4A /110V, 4.7A /220V
Power Consumption (Avg)	60W	100 W	189 W	317 W
Heat Dissipation	205 BTU/h	411 BTU/h	644 BTU/h	1082 BTU/h
Operating Temperature	32 – 104 deg F (0 – 40 deg C)		50 – 95 deg F (10 – 35 deg C)
Storage Temperature	-13 – 158 deg F (-25 – 70 deg C)		-40 – 149 deg F (-40 – 65 deg C)
Humidity	10 to 90% non-condensing		20 to 80% non-condensing
System
Standards Supported	10/100/1000 Base-TX (GbE), 1000, IP, Telnet, HTTP 1.0/1.1, SSL, RS232, NTP Client (RFC1305), RADIUS (RFC2865), LDAP (RFC4510), x.509 (RFC5280), Certificate Revocation (RFC3280), PKCS#12 Certificate Import, PKCS#10 CSR Import (RFC2986), Online Certificate Status Protocol (RFC 2560), EAP-TLS (RFC2716), Simple Certificate Enrollment Protocol (SCEP)
Management	CLI, Direct Console DB9 CLI, HTTPS
Compliance
Regulatory Compliance	IEC 60950-1, CSA 60950-1, EN 60950-1, ICES-003, EN 55024, CISPR 22, AS/NZS 3548, FCC, 47FR part 15 Class A, VCCI-A
Safety Compliance	CSA, C/US, CE, UL

Services & Support:

FortiGuard Security Subscription Services

FortiGuard Security Subscription Services deliver dynamic, automated updates for Fortinet products. The Fortinet Global Security Research Team creates these updates to ensure up-to-date protection against sophisticated threats. Subscriptions include antivirus, intrusion prevention, web filtering, antispam, vulnerability and compliance management, application control, and database security services.

FortiCare Support Services

FortiCare Support Services provide global support for all Fortinet products and services. FortiCare support enables your Fortinet products to perform optimally. Support plans start with 8x5 Enhanced Support with "return and replace" hardware replacement or 24x7 Comprehensive Support with advanced replacement. Options include Premium Support, Premium RMA, and Professional Services. All hardware products include a 1-year limited hardware warranty and 90-day limited software warranty.

Documentation:

Download the Fortinet FortiAuthenticator Datasheet (PDF).