Archives April 2023

FortiGate Two Factor Authentication with Email

by SinaOnline Network Training

Hello everyone, in this video, I will introduce how you can set up 2-step verification for SSL VPN users by sending a token through email. By default, there is no way to enable this option via the graphical user interface. We must enable this feature from the CLI.

1. User Login Request:

  • When a user attempts to log in to a FortiGate-protected resource, such as a VPN, web portal, or firewall management interface, they provide their username and password as the first authentication factor.

2. Verification of Username and Password:

  • FortiGate first verifies the provided username and password against its user database or an external authentication source, such as LDAP, RADIUS, or Active Directory. If the credentials are valid, the user passes the first authentication factor.

3. Request for Second Authentication Factor:

  • Once the user successfully completes the first factor (username and password), FortiGate prompts the user for the second authentication factor. In this case, it’s an email-based authentication.

4. Email-Based Authentication:

  • FortiGate sends an email containing a one-time passcode (OTP) or a link to the user’s registered email address. This email typically includes instructions on what the user should do next.

5. Retrieving and Entering the OTP:

  • The user checks their email and retrieves the OTP or clicks on the provided link. The OTP is typically time-limited and can only be used once for security purposes.

6. Entering the OTP or Confirming Access:

  • The user enters the OTP from the email into the FortiGate login prompt or clicks on the link, which confirms their identity as the second authentication factor.

7. Verification of Second Factor:

  • FortiGate verifies the entered OTP or link against its records to ensure it matches the one it sent to the user’s email. If the OTP or link is valid and within the time window, the user passes the second authentication factor.

8. Access Granted:

  • Once both factors are successfully authenticated (username/password and email-based OTP/link), FortiGate grants the user access to the requested resource or system.

9. Continuous Monitoring:

  • FortiGate may also implement continuous monitoring and session management to ensure that user sessions remain secure throughout their usage.

It’s worth noting that while email-based 2FA is a common method, FortiGate also supports various other second-factor authentication methods, including SMS-based codes, hardware tokens, software tokens, and push notifications through mobile apps. The choice of the second-factor method can depend on the organization’s security policies and user preferences.

Implementing 2FA with email in FortiGate enhances security by adding an extra layer of authentication, making it more challenging for unauthorized users to gain access to critical resources and helping protect against unauthorized access and data breaches.

Install and Config Cisco ASA on GNS3

by SinaOnline Network Training, Virtualization Training

Hello, today we will install GNS3 with you and then we will install CISCO ASA on it. I will also explain how we can connect to Cisco ASA with ASDM.

Let’s start.

Step 1: Obtain Cisco ASA Image

You’ll need a Cisco ASA image file to run it in GNS3. You can acquire this image from legal and legitimate sources, such as Cisco’s official website, or if you have a Cisco ASA device, you may be able to extract it. Make sure you have the proper licensing to use the image.

Step 2: Install GNS3

If you haven’t already, download and install GNS3 on your computer from the official website (https://www.gns3.com/). Follow the installation instructions for your specific operating system.

Step 3: GNS3 Initial Setup

  1. Launch GNS3 and complete the initial setup wizard. This typically includes configuring preferences like where to store your projects and images.
  2. Make sure you have the GNS3 VM (Virtual Machine) configured and running. You can download the GNS3 VM from the GNS3 website and follow the installation instructions provided there.

Step 4: Add Cisco ASA to GNS3

  1. In GNS3, go to “Edit” > “Preferences.”
  2. In the Preferences window, click on “QEMU VMs” on the left sidebar.
  3. Click the “New” button to add a new virtual machine.
  4. Provide a name for the virtual machine (e.g., “Cisco ASA”).
  5. In the “Type” dropdown menu, select “ASA” for Cisco ASA.
  6. In the “QEMU binary” section, browse and select the QEMU binary executable. This binary should be located in your GNS3 VM.
  7. Set the RAM and CPU settings based on your system resources and requirements.
  8. Click “Next” and follow the on-screen instructions to complete the virtual machine setup.

Step 5: Add ASA Image to GNS3

  1. In GNS3, go to “Edit” > “Preferences” again.
  2. In the Preferences window, click on “QEMU” on the left sidebar.
  3. Click the “QEMU VMs” tab.
  4. Select the “Cisco ASA” virtual machine you created earlier.
  5. In the “QEMU Options” section, click the “Browse” button next to “QEMU image” and select the Cisco ASA image file you obtained.

Step 6: Configure Cisco ASA in GNS3

  1. Drag and drop the Cisco ASA device from the GNS3 device list onto your GNS3 workspace.
  2. Right-click on the ASA device and choose “Start.”
  3. Right-click again and select “Console” to open the console window for the ASA.
  4. Configure the ASA as needed using the command-line interface (CLI). This includes setting up interfaces, IP addresses, access control policies, and any other configurations you require.
  5. Save your configurations to ensure they persist across sessions.

With these steps, you should have a Cisco ASA running in GNS3, ready for configuration and testing in your simulated network environment. Remember to follow proper licensing and usage guidelines when using Cisco ASA images.