Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1826
Views
0
Helpful
1
Replies

DUO 2FA Fortigate SSL Web

Go to solution
Alessio_Piraino
Level 1
Level 1

‎09-13-2018 05:48 AM

Hello,
I’m using Duo for 2fa on Fortinet FortiGate SSL VPN. I installed the radius proxy and it works all right. By accessing the VPN via the web, I receive the error message:

“The SSL-VPN host-check Java applet cannot be loaded. Please check that you have Java installed and enabled.”
Access to the VPN is therefore denied, but with the other vpn portals that do not use radius, this does not happen.

Any tips?

Thank you,
Alessio

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎09-13-2018 06:56 AM

The SSL VPN host check is a FortiGate component.

Duo does not restrict the use of Java in the browser. Our Java plugin policy can check to see if it Java is enabled and can also restrict Duo authentication approval - but this is only if you explicitly set your Duo policy to do this.

Also, the Duo plugin policy for Java only applies when using the browser-based inline Duo Prompt. If you followed these instructions for Duo + FortiGate then the inline Duo Prompt isn’t used so Duo would do no Java checking at all and all authentication communication with Duo would only happen at the VPN appliance.

Have you contacted FortiGate support about this? That might be a good thing to try, as they could give you the best suggestions around debugging their host-check applet.

Duo, not DUO.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎09-13-2018 06:56 AM

The SSL VPN host check is a FortiGate component.

Duo does not restrict the use of Java in the browser. Our Java plugin policy can check to see if it Java is enabled and can also restrict Duo authentication approval - but this is only if you explicitly set your Duo policy to do this.

Also, the Duo plugin policy for Java only applies when using the browser-based inline Duo Prompt. If you followed these instructions for Duo + FortiGate then the inline Duo Prompt isn’t used so Duo would do no Java checking at all and all authentication communication with Duo would only happen at the VPN appliance.

Have you contacted FortiGate support about this? That might be a good thing to try, as they could give you the best suggestions around debugging their host-check applet.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents