06-09-2020 10:25 PM
Hello All,
Need to know is it possible to achieve 2fa for Fortinet SSL VPN users.
Like primary authentication will be users who are locally configured on Fortinet device (no Ad server here) and second will be via duo.
Please help me
06-10-2020 06:02 AM
Hi Vishal,
Welcome to the Duo Community! I removed your other post on this topic, as it was a duplicate. We ask that you don’t create duplicate posts here to help keep the community organized. It makes it easier for others to find and answer your post, too. You can read our guidelines here for more.
To answer your question, yes it is possible. We have docs that explain how to do this here: 2FA for Fortinet FortiGate SSL VPN Clients with RADIUS Auto Push | Duo Security
You also might find the related Fortinet articles in our knowledge base helpful if you run into any questions (link here).
Hope that helps!
08-25-2022 11:55 AM
So your saying a RADIUS server is required, and the proxy needs to be installed on any computer?
08-25-2022 02:41 PM
Hi @cedstrom ,
I’m not sure what you’re asking.
In general, the easiest way to add Duo 2FA to FortiGate VPN logins is to setup a Duo Authentication Proxy on your network and point the FortiGate to that Duo proxy server to use for RADIUS authentication (the Authentication Proxy is the RADIUS server). Instructions for that are here. This does require some external primary authentication server, either AD/LDAP or RADIUS, for the Duo proxy to use for verifying user passwords before 2FA.
Are your VPN users also stored locally on the Fortigate device like the original poster? To my recollection FortiGate devices don’t support chained separate authentication sources, so it wouldn’t be possible to configure primary auth against local DB and then Duo 2FA only via RADIUS.
06-10-2020 07:30 AM
Amy,
Thanks for replying.
I’m asking about primary authentication will be local only i.e users created on firewall manually and secondary authentication will be via duo.
Awaiting response.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide