Cisco Duo with Fortigate IPSec VPN

hossam-adel · ‎06-13-2025

Hello,

Since FortiGate will no longer support SSL VPN, we are going to switch to using Client IPsec VPN. However, I wonder if we can still use Cisco Duo for MFA, as there is no application or tutorial available for this purpose.

Thanks

M02@rt37 · ‎06-14-2025

Hello @hossam-adel

If moving away from SSL VPN, Fortinet’s built-in MFA tokens are natively supported for IPsec.

Othet thing, VPN SSL not supported started version 7.6.3...is a feature train yet. You want to swirth to IPSEC right now ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

hossam-adel · ‎06-14-2025

Yes, we need to switch to IPsec right now, and Fortinet's built-in MFA isn't an option since we already have about 50 seats with Cisco Duo.

DuoKristina · ‎06-17-2025

Yes, you can keep using Duo via RADIUS, LDAP, or SAML with Fortigate IPSec Client VPN.

From our review so far, it looks like the steps to create the Duo RADIUS server or the Duo SAML config on the Fortigate are still very similar to what we have documented in...

SAML: https://duo.com/docs/sso-fortinet-fortigate

RADIUS: https://duo.com/docs/fortinet

With the difference being that instead of editing an SSL VPN configuration you instead would be editing an IPSec VPN config to add Duo.

https://docs.fortinet.com/document/fortigate/7.6.0/ssl-vpn-to-ipsec-vpn-migration/446639

https://docs.fortinet.com/document/fortigate/7.6.0/ssl-vpn-to-ipsec-vpn-migration/732082/radius-based-user-authentication

Duo, not DUO.