Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
974
Views
0
Helpful
1
Replies

Device health app with FortiClient VPN

Shtuka49
Level 1
Level 1

‎01-27-2022 06:25 AM

Hi,

I have a customer with a Fortigate, users connect through Forticlient VPN for SSL-VPN, currently using Duo 2FA, sending push to user’s phone to grant access.

Customer is looking to see if the Device health verification app option under duo beyond subscription is compatible with Forclient VPN?

I tried testing it on his environment with a trial account with no success, once I attach the enforce policy to an application (in this case I se it up as an LDAP proxy, local DAP is the LDAP server on the Fortigate Side)

The connection would not establish and no push notification would be send, as well as the prompt to install the app? or am i missing something here?

Thank you,

Labels:
0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎01-27-2022 09:41 AM

Device Health checks/policy only works when the Duo interactive prompt is shown in a browser. This isn’t possible for Fortigate with Duo added by RADIUS or LDAP.

If a given VPN client app supports passive browser login via federation/SSO, you can use Duo Single Sign-On + the Generic SAML application to add Duo to the VPN logins via SAML 2.0. Duo SSO shows a Duo prompt in the browser so it can also do Device Health checks.

Looks like it’s possible for FortiClient as of v6.4.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents