Mirket Help Center
  • Mirket Help Center
    • End User License Agreement
    • Privacy Policy
    • Mirket On Premise
      • Mirket Installation
        • Mirket MFA Installation Requirements
        • Mirket Installation Steps
      • Mirket Admin Panel
        • Dashboard
        • Admin Accounts Configuration
        • User Management
          • Local Users Configuration
          • Local Group Configuration
          • Ldap Users
          • LDAP Group Configuration
        • Rules
          • Radius Rules
            • Radius Clients
            • Radius Rules
            • Authorization Profiles
          • RDP Rules
          • OWA Rules
          • API Rules
            • API Docs
        • Providers
          • Approve / Deny
          • Mirket OTP
          • TOTP
          • SMS Providers
          • Pauth
          • Pauth or Approve/Deny
          • Bypass
        • Logging
          • Radius Logging
          • RDP Logging
          • OWA Logging
          • API Logging
        • Reports
        • Settings
          • General Settings
          • Syslog Settings
          • Notification Settings
          • License
        • Mirket Upgrade Process
      • Mirket Agents
        • Mirket RDP Agent
        • Mirket OWA Agent
      • Mirket MFA App
      • Integrations
        • Array Networks SSL VPN Integration
        • Barracuda CloudGen Firewall Integration
        • Citrix Integration
        • Cisco ASA Integration
        • Cisco ISE RADIUS Integration
        • Checkpoint SSL VPN Integration
        • CyberArk Integration
        • Dell SonicWall Network Security Appliance Integration
        • Fortigate MFA for admin accounts
        • Fortigate SSL VPN Integration
        • F5 integration
        • Ivanti Pulse Secure Connect Integration
        • Palo Alto MFA for admin accounts
        • Palo Alto SSL VPN Integration
        • Sophos SSL VPN Integration
        • Watchguard SSL VPN Integration
        • Ubuntu Server 22.0.4 SSH connections
        • XLOG Integration
        • VMware Horizon 8 RADIUS Integration
      • Knowledge Base
        • User not found on logs even user exist
        • Global Protect authentication happened two time while using RADIUS
        • User is not withdrawn from LDAP.
        • Fortigate SSL VPN timeout
        • Provider not found error
        • How to install SSL certificate to Mirket
        • Can a Palo Alto be set up to forward client IP addresses to Mirket?
        • SMS not sent to the phone number
      • Release Notes
        • Mirket Version 4.1.2
        • Mirket Version 4.0.6
        • Mirket Version 4.0.0
        • Mirket Version 3.9.2
    • Mirket SAAS Platform
      • Mirket Gateways Installation Requirements
      • Mirket Portal
        • Dashboard
        • Administration
        • Users
          • LDAP Users
          • Local Users
        • Groups
        • External Sources
        • Authentication
          • Radius Rules
          • Proxy Rules
          • OWA Rules
          • ADFS
            • ADFS Management
            • ADFS Agent
          • Custom API
          • OS Logon
            • OS Logon Management
            • OS Logon Agent
        • User Portal
          • User Portal Management
          • User Portal Login Page
          • User Portal Dashboard
        • Connector
          • Radius Gateways
          • LDAP Gateways
          • Proxy Gateways
        • SMS Providers
        • Settings
          • General Settings
          • Syslog
          • Attribute Profiles
      • Monitor
        • Audit Logs
        • Radius Logs
        • Proxy Logs
        • OWA Logs
        • User Portal
        • ADFS Logs
        • OS Logon Logs
      • Mirket Mobile App
      • Integrations
        • Array Networks SSL VPN Integration
        • Barracuda CloudGen Firewall Integration
        • Citrix Integration
        • Cisco ASA Integration
        • Cisco ISE RADIUS Integration
        • Checkpoint SSL VPN Integration
        • CyberArk Integration
        • Dell SonicWall Network Security Appliance Integration
        • Fortigate MFA for admin accounts
        • Fortigate SSL VPN Integration
        • F5 integration
        • Ivanti Pulse Secure Connect Integration
        • Palo Alto MFA for admin accounts
        • Palo Alto SSL VPN Integration
        • Sophos SSL VPN Integration
        • Watchguard SSL VPN Integration
        • Ubuntu Server 22.0.4 SSH connections
        • XLOG Integration
        • VMware Horizon 8 RADIUS Integration
      • Knowledge Base
      • Release Notes
Powered by GitBook
On this page
  • General Overview
  • Configuring the Fortigate Firewall
  • Administrator Configuration
  • Add a Fortigate as Resource in Mirket with NPS
  • User and Group configuration on Mirket
  • Create an Authorization Profile on Mirket
  • Add a Radius Rules to Mirket
  1. Mirket Help Center
  2. Mirket On Premise
  3. Integrations

Fortigate MFA for admin accounts

General Overview

This guide explains how to perform multiple authentication for administrator accounts in Fortigate Firewall.

Configuring the Fortigate Firewall

Administrator Configuration

For multifactor authentication with administrator in FortiGate Firewall, you need to add an administrator account.

To configure an administrator account:

  • Access the FortiGate web UI using https://<IP address of FortiGate>

  • Select System > Administrators.

  • Click on Create New > Administrator

  • Enter a username for the Administrator account in the Name field.

  • Under the Type section, select "Match a user on a remote server group' for a single user", or "Match all users in a remote server group" for all users. We proceed by choosing the "Match a user on a remote server group" option.

  • Enter a backup password in the Backup Password field, for use when Fortigate is unable to reach the credential server.

  • Enter your backup password in the Confirm Password field.

  • Select "super_admin" option from Administrator Profile dropdown list.

  • Select the remote user group to which you will add the administrator account from the Remote User Group dropdown list.

  • Keep the remaining settings as default values.

  • Click on OK to confirm settings.

Add a Fortigate as Resource in Mirket with NPS

Before starting, ensure that you have installed NPS (Network Policy Server) from Server Manager. Once installed, open the Network Policy Server. To add a Radius Client to the NPS, follow these steps:

  • Click on the 'Radius Clients and Server' folder and select the 'Configure Radius Clients' option.

  • Hover over the 'Radius Clients' option, right-click using the mouse, and select New.

  • In the window that appears, assign a name to your Radius Client in the Friendly Name section.

  • Enter the IP address of your firewall in the Address (IP or DNS) section.

  • Select either the 'Manual' or 'Generate' option to enter your secret key in the Secret Key section.

  • Click OK to confirm settings.

User and Group configuration on Mirket

To set up multifactor authentication, make sure you have at least one user group in Mirket.

If it is preferred to use a local user, first create a local group and then create a local user and make the user a member of the group.

If it is preferred to use LDAP users, the priority LDAP group is created by pulling users from Active Directory or OpenLDAP in Mirket.

Create an Authorization Profile on Mirket

After authentication, in scenarios requiring authorization (Example: Sending group name to the Radius client in SSL VPN), you can complete the process by creating an authorization profile in Mirket and selecting the created profile in Radius rules.

The following steps should be followed to create an authorization profile:

  • Select Authorization Profiles.

  • Click on Add New.

  • Enter a authorization profile name in the Name field.

  • Select the attribute type as "FortigateGrupName" from the Attribute Type dropdown list.

  • Enter the group to be granted authorization in the Value field. Please make sure that value is the same with grup name you spesify in Fortigate.

  • Click on Save to confirm settings.

Add a Radius Rules to Mirket

Radius Rules define user access to resources and the authentication methods available (such as SMS, Approve / Deny, OTP etc.).

First, you should follow these steps:

  • Select Rules > Radius Rules.

  • Click on Add New.

  • Enter a rule name in the Name field.

  • Enter the rule description in the Description field.

  • Select the group to which the rule applies from the Group dropdown list.

  • Select the provider to which the rule applies from the Provider dropdown list.

  • Select the authorization profile to which the rule applies from the Authorization dropdown list.

  • Click on Save to confirm settings.

PreviousDell SonicWall Network Security Appliance IntegrationNextFortigate SSL VPN Integration

Last updated 1 month ago

Create a Local Group to add users manually.
Add local Mirket users manually.
Create a LDAP group to include LDAP users.
Sync users from an external user database.
Fortigate SSL VPN Integration
Radius Clients
Radius Rules
Authorization Profiles
Local Group Configuration
Local Users Configuration
LDAP Group Configuration
LDAP Users