Fortinet SSL VPN 2FA

vishal77
Level 1

Hello All,

I need to know whether it is possible to achieve 2FA for Fortinet SSL VPN users.

For example, primary authentication would be against users who are configured locally on the Fortinet device (no AD server here), and the second factor would be via Duo.

Please help me.


Amy2
Level 5

Hi Vishal,

Welcome to the Duo Community! I removed your other post on this topic, as it was a duplicate. We ask that you don’t create duplicate posts here to help keep the community organized. It makes it easier for others to find and answer your post, too. You can read our guidelines here for more.

To answer your question, yes it is possible. We have docs that explain how to do this here: 2FA for Fortinet FortiGate SSL VPN Clients with RADIUS Auto Push | Duo Security
You also might find the related Fortinet articles in our knowledge base helpful if you run into any questions (link here).

Hope that helps!

So you're saying a RADIUS server is required, and the proxy needs to be installed on any computer?

Hi @cedstrom ,

I’m not sure what you’re asking.

In general, the easiest way to add Duo 2FA to FortiGate VPN logins is to set up a Duo Authentication Proxy on your network and point the FortiGate to that Duo proxy server to use for RADIUS authentication (the Authentication Proxy is the RADIUS server). Instructions for that are here. This does require some external primary authentication server, either AD/LDAP or RADIUS, for the Duo proxy to use for verifying user passwords before 2FA.

Are your VPN users also stored locally on the FortiGate device like the original poster? To my recollection, FortiGate devices don’t support chained separate authentication sources, so it wouldn’t be possible to configure primary auth against local DB and then Duo 2FA only via RADIUS.

Duo, not DUO.
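
A sketch of the Authentication Proxy setup described in the reply above, as an added example that is not part of the original thread or of Duo's documentation. It assumes Active Directory as the external primary authentication source; every address, account, key and secret below is a placeholder.

```ini
; authproxy.cfg on the Duo Authentication Proxy host (added example, placeholder values)

; Primary authentication: the proxy checks the user's password against AD/LDAP
; before it asks Duo for the second factor.
[ad_client]
host=192.0.2.10                          ; placeholder: domain controller
service_account_username=duo-svc         ; placeholder: read-only lookup account
service_account_password=REPLACE_ME
search_dn=DC=example,DC=com              ; placeholder: base DN holding the VPN users

; RADIUS listener: the FortiGate is configured to use this proxy as its RADIUS server.
[radius_server_auto]
ikey=REPLACE_WITH_INTEGRATION_KEY        ; from the Duo Admin Panel application entry
skey=REPLACE_WITH_SECRET_KEY
api_host=REPLACE_WITH_API_HOSTNAME
radius_ip_1=192.0.2.1                    ; placeholder: FortiGate address (the RADIUS client)
radius_secret_1=REPLACE_WITH_LONG_RANDOM_SECRET
client=ad_client                         ; use the [ad_client] section for primary auth
port=1812
; failmode=safe   allows the login on primary auth alone if Duo cannot be reached
; failmode=secure rejects the login if Duo cannot be reached
failmode=secure
```

The RADIUS server entry on the FortiGate must use the same shared secret as `radius_secret_1`, and the proxy only answers requests from the address listed in `radius_ip_1`.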

vishal77
Level 1

Amy,

Thanks for replying.

I’m asking about a setup where primary authentication is local only, i.e. users created manually on the firewall, and secondary authentication is via Duo.

Awaiting response.
