Fortinet FortiToken™ 200 Two-Factor Authentication
One Time Password Token for Strong Authentication
Click here to jump to more pricing!
Overview:
The FortiToken-200 allows organizations to deploy a two-factor authentication solution. It is an easy-to-use, one-time password (OTP) token that reduces the risk of compromise created by alternative single-factor authentication systems relying on, for example, static passwords. The FortiToken enables administrators with the need for two-factor authentication to offer enhanced security for both remote and on-premise users. The FortiToken-200 is a part of Fortinet's broad multi-factor authentication product strategy; it ensures that only authorized individuals access your organization's sensitive information -- enabling business, protecting your data, lowering IT costs, and boosting user productivity.
You cannot always trust your users with your network security. Relying solely on static passwords for remote access to your VPN and web sites provides only weak authentication because your users' passwords are vulnerable to theft or guessing, as well as dictionary and brute-force attacks. No matter the size of your network, easy-to-use-and-deploy One Time Password (OTP) tokens let you solve this problem affordably by adding a second factor for strong authentication.
FortiToken-200 Features & Benefits:
- Extremely secure, strong authentication using OTP tokens ensures a high degree of identity certainty and enhances online trust
- Totally scalable security solution meets compliance requirements (e.g., HIPAA, PCI, FFIEC) and industry best-practices for all deployment sizes
- Long battery life, perpetual license, simple deployment model, and minimal required infrastructure gives you low cost of ownership for your strong authentication solution
- Zero client footprint lets you easily administer tokens for your remote users while the low learning curve ensures quick and painless adoption by end-users
- Tokens can be used for authentication to multiple online systems, and you can quickly reassign them among users, protecting your investment
- Highly secure seed delivery options allow you to manage your tokens flexibly in the way that makes most sense for your network operations and security requirements
Leverage Existing Fortinet Platforms
Each FortiGate™ consolidated security platform is able to provide an integrated authentication server. Combining this authentication capability with the FortiToken eliminates the need for the external server typically required when implementing two-factor solutions.
The short-lived, time-based token adds strong authentication to secure remote Virtual Private Network (VPN) IPSEC access, SSL VPN access, Wi-Fi Captive Portal network logon and FortiGate Administrator login. The token always remains synchronized with the FortiGate controller.
Seeds Managed by FortiGuard®
The FortiGuard™ Center maintains your token seeds in a cloud-based repository. Once a FortiToken has been registered, FortiGuard securely distributes the necessary token seeds to FortiGate to complete the process. When required by identity based security policies, the FortiGate is able to verify the users 6-digit OTP against its own database.
Standards and AAA Servers Compatibility
The FortiToken-200 is compatible with popular on-premise and remote access servers including Active Directory, LDAP and RADIUS. The FortiGate maintains the backend communication with these servers and at the same time manages the second factor authentication with the users. Moreover in combination with FortiGate, the token complies with OATH standards.
Resilient Design
The FortiToken-200 comes in tamper-resistant/tamper-evident packaging for additional security. The token also has a tamper-proof memory design which protects the internal synchronous dynamic password generator.
FortiClient PC Benefits:
- Reduces costs and complexity by using your existing FortiGate as the two-factor authenticator
- Token seed repository by FortiGuard™ minimizes provisioning headaches
- Perpetual token license eliminates annual subscription fees
- Low cost of entry with scalability
FortiClient PC Features:
- Integrated with FortiClient™ and protected by FortiGuard™
- Standards-compliant
- Synchronized with FortiGate® OTP dbase
- Short-duration (60-seconds), time based , 6-digit password
Deployment Scenarios:
SSL-VPN web login example
- IT purchases a pool of tokens and enters each tokens Serial number into the FortiGate GUI or CLI
- FortiGate validates the serial numbers against FortiGuard Center and securely downloads and stores the seed files in encrypted format
- In HA mode the Token Seed and Serial numbers are automatically synchronized
- After seed files download, the tokens are activated and ready for assignment to users. IT selects each user that should undergo 2-factor authentication
Product Comparison:
FortiToken vs. RSA SecureID
FortiToken-200 | RSA-Secure ID |
---|---|
Tokens don't expire | SecureID tokens expire |
OTP only when button pushed | One-time password always shown |
Long battery life | Limited battery life |
FortiGate validates token | External Ace server required |
Scalable to all customer sizes | Server cost high for certain markets |
Affordable token pricing | Expensive tokens |
Not only does FortiToken overlay the existing FortiGate deployment, but also it requires no external server and comes with perpetual license
Specifications:
FortiToken-200 | |
---|---|
Embedded Security Algorithm | OATH TOTP Time-based |
Component | Built-in Button 6 Character LCD Screen Globally Unique Serial Number |
Battery Lifetime | Up to 5 Years / Up to 14000 dynamic passwords |
Operating Temperature | -10°C to 50°C |
Storage Temperature | -20°C to 70°C |
Water-Resistant | IP68 (Ingress Protection) |
Casing | Hard Molded Plastic (ABS) Tamper-Evident/Tamper-Resistant |
Secure Storage Medium | Static Random Access Memory (RAM) |
Battery Type | Standard Lithium Battery |
Hardware | RoHS Compliant |
Scalability:
Examples of Platform Scalability | ||
---|---|---|
FortiGate Model | FortiWiFi Model | Max Number of FortiTokens |
FortiGate-20C FortiGate-50B |
FortiWiFi-20C FortiWiFi-50B |
20 |
FortiGate-60B/60C FortiGate-80C |
FortiWiFi-60C FortiWiFi-80C |
500 |
FortiGate-40C FortiGate-110C/FortiGate-111C FortiGate-200B/FortiGate-200B-POE FortiGate-310B/FortiGtate-311B FortiGate-620B/FortiGate-621B FortiGate-800 |
FortiWiFi-40C | 1000 |
FortiGate-1240B FortiGate-3016B FortiGate-3040B/FortiGate-3140B FortiGate-3600A |
5000 | |
FortiGate-3810 FortiGate-3950B/FortiGate-3951B FortiGate-5001A/FortiGate-5001B |
5000 |
Documentation:
Download the Fortinet FortiToken Datasheet (PDF).
Pricing Notes:
- Pricing and product availability subject to change without notice.