DUO 2FA Fortigate SSL Web


#1

Hello,
I’m using Duo for 2fa on Fortinet FortiGate SSL VPN. I installed the radius proxy and it works all right. By accessing the VPN via the web, I receive the error message:

“The SSL-VPN host-check Java applet cannot be loaded. Please check that you have Java installed and enabled.”
Access to the VPN is therefore denied, but with the other vpn portals that do not use radius, this does not happen.

Any tips?

Thank you,
Alessio


#2

The SSL VPN host check is a FortiGate component.

Duo does not restrict the use of Java in the browser. Our Java plugin policy can check to see if it Java is enabled and can also restrict Duo authentication approval - but this is only if you explicitly set your Duo policy to do this.

Also, the Duo plugin policy for Java only applies when using the browser-based inline Duo Prompt. If you followed these instructions for Duo + FortiGate then the inline Duo Prompt isn’t used so Duo would do no Java checking at all and all authentication communication with Duo would only happen at the VPN appliance.

Have you contacted FortiGate support about this? That might be a good thing to try, as they could give you the best suggestions around debugging their host-check applet.