TACACS+ servers – FortiAnalyzer – FortiOS 6.2.3

TACACS+ servers

Terminal Access Controller Access-Control System (TACACS+) is a remote authentication protocol that provides access control for routers, network access servers, and other network computing devices via one or more centralized servers. A client accepts a user name and password and sends a query to a TACACS+ authentication server. The server decides whether to accept or deny the request and sends back a response that allows or denies the user network access. The default TCP port for a TACACS+ server is 49.

If you have configured TACACS+ support and an administrator is required to authenticate using a TACACS+ server, the FortiAnalyzer unit contacts the TACACS+ server for authentication. If the TACACS+ server can authenticate the administrator, they are successfully authenticated with the FortiAnalyzer unit. If the TACACS+ server cannot authenticate the administrator, the connection is refused by the FortiAnalyzer unit.

To use a TACACS+ server to authenticate administrators, you must configure the server before configuring the administrator accounts that will use it.

To add a TACACS+ server:

  1. Go to System Settings > Admin > Remote Authentication Server.
  2. Select Create New > TACACS+ Server from the toolbar. The New TACACS+ Server pane opens.
  3. Configure the following settings, and then click OK to add the TACACS+ server.
     Name: Enter a name to identify the TACACS+ server.
     Server Name/IP: Enter the IP address or fully qualified domain name of the TACACS+ server.
     Port: Enter the port for TACACS+ traffic. The default port is 49.
     Server Key: Enter the key to access the TACACS+ server. The server key can be a maximum of 16 characters in length.
     Authentication Type: Select the authentication type the TACACS+ server requires. If you select the default ANY, FortiAnalyzer tries all authentication types.
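
The Server Key is the shared secret that both ends use to obfuscate the body of each TACACS+ packet, so it must match on FortiAnalyzer and on the server. The sketch below is an added example, not Fortinet code or part of the original page: it follows the packet layout and MD5 pad from RFC 8907, and the function names, key, user name and password are constructed for illustration.

```python
import hashlib
import struct

TAC_PLUS_AUTHEN = 0x01            # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # header flag: body sent in the clear

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: chained MD5 over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; the same call reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_start(user, password, session_id, key):
    """Client side: PAP authentication START (seq_no 1) as sent to TCP 49."""
    version, seq_no = 0xC1, 1            # major 0xC, minor 1 (used for PAP)
    port, rem_addr = b"tty0", b""        # constructed sample values
    body = struct.pack("!8B", 0x01, 0, 0x02, 0x01,  # LOGIN, priv 0, PAP, LOGIN service
                       len(user), len(port), len(rem_addr), len(password))
    body += user + port + rem_addr + password
    header = struct.pack("!4BII", version, TAC_PLUS_AUTHEN, seq_no, 0,
                         session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)

def read_packet(packet, key):
    """Server side: parse the 12-byte header and recover the body."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!4BII", packet[:12])
    body = packet[12:12 + length]
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, key, version, seq_no)
    user_len = body[4]
    return {"type": ptype, "seq_no": seq_no, "session_id": session_id,
            "user": body[8:8 + user_len]}

if __name__ == "__main__":
    key = b"Constructed-Key1"            # 16 characters, the stated maximum
    pkt = build_authen_start(b"admin1", b"example-pass", 0x1234ABCD, key)
    print(read_packet(pkt, key))                # matching key: user is readable
    print(read_packet(pkt, b"different-key"))   # mismatched key: unreadable user field
```

With a mismatched key the header still parses, but the body fields come out as noise, which is why a wrong Server Key shows up as a failed administrator login rather than a connection error.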
