SSL-VPN with Fortinet Firewall with Ping ID MFA and ClearPass OnGuard Health Check

Overview

SSL-VPN with Multifactor Authentication that verifies that Legitimate user has connected to the network with Second Factor of Verification
The Health Check of the End-Client makes sure that Only Compliant user are allowed onto the network

The Setup Involves below components

Fortinet Firewall as SSL-VPN Concentrator
ClearPass Policy Manager and ClearPass OnGuard
LDAP/AD
Ping Federate
PingID MFA

Workflow

The Client Initiates the SSL VPN Session against the Fortinet Firewall
The Fortinet Firewall forwards the request across ClearPass through Radius
ClearPass Forwards the Request to Ping-Federate through Radius
Ping Federate Checks the Credentials with OpenLDAP/AD and fetches the Attribute
If the Credentials entered are correct the Ping Federate invokes the PingID cloud to send and Push notification to Client
The PingID Cloud sends the Push notification to MFA Authenticator Device like A smartphone with PingID app .

Once the Push notification is approved or rejected the Ping ID would send the response across the Ping-Federate

The Ping Federate sends the Accept or Reject Based on the Response from LDAP and MFA.
ClearPass sends the Radius Accept to the Firewall if Ping Federate Sends an Accept Moving the user to Quarantine or Unknown Policy
ClearPass Onguard on the Client Machine performs the health check and sends the health info to the ClearPass Server
Based on the Health , appropriate Health token is sent to the Fortinet firewall and the User moves to Healthy or Quarantine Policy .

Benefits

MFA assures that only Valid and Verified user gets into the Network through SSL-VPN
Posture Check on Clients against ClearPass makes sure only Healthy Clients are allowed into the network
The Differential Policies on the Firewall can be applied with Integration of ClearPass and Fortinet as per Context like Posture, Type of device and LDAP groups
The Authentication against ClearPass, makes sure that the user gets similar access Wherever the user is (On-Prem or working Remotely)
Visibility on the user connecting to the Network

Leave a Comment Cancel Reply

Related Posts

Wireless Solutions by HPe Aruba

https://airowire.com/wp-content/uploads/2021/11/Aruba-Warehouse-Solutions.pdf

Wireless Survey

Table of contents: The document covers what is a wireless survey, why wireless survey, the

How to add new administrators and admin privileges on Clearpass?

Adding a new administrator on Clearpass is rather simple. Check out the video below for

Get smarter about how networks can offer amazing experiences for your customers and your business.

Airowire Networks PVT LTD
530 Lawrence Expressway
Sunnyvale, California 94085

Services

Social Media Links

Airowire Networks PVT LTD
L-29, 3rd Floor, 2nd A Main,
HSR Layout Sector 6,
Bengaluru – 560102
080 6837 1900

Get smarter about how networks can offer amazing experiences for your customers and your business.

Global Offices

Branch Offices

Global Offices

US

530 Lawrence Expressway
Sunnyvale, California
94085

Singapore

Airowire Networks PTE LTD
160 Robinson Road #14-04
Spore Business Federation CTR Singapore 68914

Branch Offices

Hyderabad

Ikeva Workspace
8-2-624/A/1, Level 1, [email protected],
MB Towers, Road No. 10,
Banjara Hills – 500034

Mumbai

A12 Marol Mayur CHSL,
Military Road Marol,
Andheri East – 400059

Airowire Networks 2023. © All Rights Reserved Made with 💛 by The Web People