SSH Access to Cisco Switch/Fortigate Firewall using MFA: First Factor - AD, Second Factor - RSA Token

  • 1.  SSH Access to Cisco Switch/Fortigate Firewall using MFA: First Factor - AD, Second Factor - RSA Token

    Posted Jul 21, 2025 11:38 PM

    Clearpass Version: 6.12.5 (On-Prem)

    RSA Authentication Manager: 8.7 SP2 (On-Prem)

    RSA Token Type: Hard Token

    Hi all 

    I'm trying to achieve MFA to access:

    • Cisco Switches (via SSH)
    • Fortinet Firewalls (via SSH, HTTPS)

    I am successfully using Clearpass to authenticate AD User via TACACS.  This is the first factor.

    I want to extend this to a second factor which is RSA Authentication Manager, using an RSA Hard Token.

    I have had mixed reports saying this can't be done but I'm not convinced.  Twenty years ago, I'm sure I logged into Cisco Switches using my credential, with a password to which the one-time RSA token number was appended.

    Can anyone confirm whether the above use cases are achievable and, if so, can you provide some guidance as to how I go about doing this?  I have Clearpass and RSA in the lab so I'm not afraid to break anything.

    Thanks in advance.

    Barry



  • 2.  RE: SSH Access to Cisco Switch/Fortigate Firewall using MFA: First Factor - AD, Second Factor - RSA Token

    Posted Jul 22, 2025 03:36 PM

    I'm not sure about the RSA piece but why not use SAML on the FortiGate web interface instead?