TACACS+ server
In recent years, remote network access has shifted from terminal access to LAN access. Users connect to the corporate network from notebooks or home PCs over full network connections and have the same level of access to corporate network resources as if they were physically in the office. These connections are made through a remote access server. As remote access technology has evolved, network access security has become increasingly important.
Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol that provides access control for routers, network access servers, and other networked computing devices via one or more centralized servers. TACACS allows a client to accept a user name and password and send a query to a TACACS authentication server. The server host determines whether to accept or deny the request and sends a response back that allows or denies network access to the user. The default TCP port for a TACACS server is 49.
For more information about TACACS servers, see the FortiGate documentation.
Go to System Settings > Admin > Remote Auth Server > TACACS+ Server to create a new TACACS+ server entry or edit an existing server entry.
The TACACS+ server list provides the following information and options:
Delete: Select the check box next to the server name and select Delete. You cannot delete a TACACS+ server entry if there are administrator accounts using it.
Create New: Add a new TACACS+ server entry.
Name: The TACACS+ server name. Select the server name to edit the settings.
Server Name/IP: The IP address or DNS resolvable domain name of the TACACS+ server.
To add a TACACS+ server:
1. Go to System Settings > Admin > Remote Auth Server > TACACS+ Server. The list of TACACS+ servers appears.
2. Select the Create New tool bar icon. The New TACACS+ Server dialog box appears; see Figure 67.
Figure 67: New TACACS+ server dialog box
3. Configure the following information:
Name: Enter a name to identify the TACACS+ server.
Server Name/IP: Enter the IP address or fully qualified domain name of the TACACS+ server.
Port: Enter the port for TACACS+ traffic. The default port is 389.
Server Key: Enter the key to access the TACACS+ server. The server key can be a maximum of 16 characters in length.
Auth-Type: Enter the authentication type the TACACS+ server requires. The default setting of ANY has the FortiManager unit try all the authentication types.
4. Select OK to save the new TACACS+ server entry.
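What the Server Key does on the wire, as an added example (not FortiManager code and not part of the original page): under RFC 8907 the shared key seeds an MD5-derived pad that is XORed over the packet body, so the client and the TACACS+ server must hold the same key. This goes beyond the dialog fields to the protocol itself; the key, session ID, user name and port name below are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_VER = 0xC0      # major version 0xC, minor version 0
TAC_PLUS_AUTHEN = 0x01   # packet type: authentication
HEADER = "!BBBBII"       # version, type, seq_no, flags, session_id, length

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n also appends MD5_{n-1}."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def xor_body(body, session_id, key, version, seq_no):
    """XOR with the pad; the same call obfuscates and de-obfuscates."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def authen_start(user, port=b"tty0", rem_addr=b""):
    """Authentication START body: login action, priv level 1, ASCII type, login service."""
    fixed = bytes([0x01, 0x01, 0x01, 0x01, len(user), len(port), len(rem_addr), 0])
    return fixed + user + port + rem_addr

def build_packet(body, session_id, key, seq_no=1):
    header = struct.pack(HEADER, TAC_PLUS_VER, TAC_PLUS_AUTHEN, seq_no, 0,
                         session_id, len(body))
    return header + xor_body(body, session_id, key, TAC_PLUS_VER, seq_no)

def parse_packet(packet, key):
    """Return the de-obfuscated body as a receiver holding `key` would see it."""
    version, _type, seq_no, _flags, session_id, length = struct.unpack(HEADER, packet[:12])
    if length != len(packet) - 12:
        raise ValueError("length field does not match body size")
    return xor_body(packet[12:], session_id, key, version, seq_no)

# Constructed sample values (not from the page): a 16-character key, the
# maximum length the Server Key field accepts, and a fixed session ID.
CLIENT_KEY = b"Ex4mple-Key-0016"
SESSION_ID = 0x1A2B3C4D
BODY = authen_start(b"admin")
PACKET = build_packet(BODY, SESSION_ID, CLIENT_KEY)

if __name__ == "__main__":
    print("matching key  :", parse_packet(PACKET, CLIENT_KEY))
    print("mismatched key:", parse_packet(PACKET, b"Wr0ng-Key-000016"))
    print("user name in clear on the wire:", b"admin" in PACKET)
```

The header stays in clear and the pad is only MD5-derived, which RFC 8907 describes as obfuscation rather than encryption, so use the full key length the field allows and keep TACACS+ traffic on a trusted management path.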
To modify an existing TACACS+ server configuration:
1. Go to System Settings > Admin > Remote Auth Server > TACACS+ Server. The list of configured TACACS+ servers appears.
2. In the Name column, select the name of the server configuration you want to change. The Edit TACACS+ Server dialog box appears.
3. Modify the settings as required and select OK to apply your changes.
To delete an existing TACACS+ server configuration:
1. Go to System Settings > Admin > Remote Auth Server > TACACS+ Server. The list of configured TACACS+ servers appears.
2. Select the check box beside the server configuration you want to delete and then select the Delete tool bar icon. A confirmation dialog box appears.
3. Select OK to delete the server entry.
 
You cannot delete a TACACS+ server entry if there are administrator accounts using it.