ScottyT
New Member
November 8, 2024
Question

FortiClient EMS IPsec VPN w/MFA


We are rolling out the IPsec VPN delivered to Windows laptops using the EMS client. Right now, we have the LDAP authentication for the IPsec VPN integrated with Duo MFA. Users receive a Duo push to their mobile phones at every VPN login or reconnect.

Does anyone have a better MFA approach that would allow the device/user to be "trusted" for a period of time, so they don't get repetitive MFA prompts at every VPN login? I know there are lots of SSO/integration options with the SSL VPN, but that appears to be going away, thanks to all the security issues. I can't find one that will integrate via LDAP/RADIUS with the IPsec VPN. Thanks!

2 replies

Stephen_G
Staff & Editor
November 11, 2024

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Stephen_G - Fortinet Community Team
ScottyT (Author)
New Member
November 11, 2024

Thanks. I think I found the solution - the article below describes how to use Azure IdP as the provider with IPsec VPN. I can then control the MFA prompting using Azure Conditional Access Policies.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-Dialup-IPsec-with-Azure-SAML-as-IDP/ta-p/341338