geseront
New Member
February 25, 2022
Question

Fortigate SSL VPN with Duo auto Push


Hello, we are experiencing the behavior noted in this previous old thread. 

 

Re: Fortigate SSL VPN + Duo Security + RADIUS Auth... - Fortinet Community

 

We tried setting "config system global - set remoteauthtimeout", did not seem to change it for our VDOM where the SSL VPN lives.

Other settings we tried: set two-factor-fac-expiry and set timeout 300 (the latter in the radius config)

 

Any ideas / help? We opened a case with Duo also

1 reply

Debbie_FTNT
Staff & Editor
February 28, 2022

Hey geresont,

to my knowledge, the remoteauthtimeout setting should apply to the VDOM as well.

What firmware version is your FortiGate? I could have a look to see if there are reported bugs for your version and verify if the remoteauthtimeout setting doesn't apply correctly.

The 'two-factor-fac-expiry' and 'set timeout 300' should not apply to Duo Auth, I believe.

 

You can also gather this debug, it might provide some information:
#dia de reset
#dia de app fnbamd -1
#dia de console timestamp en
#dia de en
#dia test authserver radius <RADIUS server entry> <pap|chap|mschap2> <username> <password>

-> this triggers a RADIUS authentication, and debug will be dumped showing FortiGate contacting the RADIUS server.

There should also be an indication when a timeout is declared.

There are a lot of obscure numbers and error codes, but if you copy the output to a file (or log it to a file) you can search for 'timeout' or the radius server IP; there should also be something like 'received auth request <ID>', and you can use that ID to find the beginning and end of the auth request; the timestamps will let you know how long the FortiGate waited.
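
The search described in the reply above can be scripted over a saved copy of the debug output. This is an added example, not part of the original thread and not Fortinet tooling; the timestamp prefix, the "auth request <ID>" wording and the sample lines are assumptions and should be adjusted to match a real capture.

```python
import re
from datetime import datetime

# ASSUMPTION: with console timestamps enabled, each debug line starts with
# "YYYY-MM-DD HH:MM:SS". Adjust TS if your capture looks different.
TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.*)$")
# ASSUMPTION: the request marker reads like "auth req <ID>" or "auth request <ID>".
REQ = re.compile(r"auth req(?:uest)?\s+(\d+)", re.IGNORECASE)

def parse(debug_text):
    """Return [(datetime, text)] for each timestamped line; other lines are skipped."""
    rows = []
    for raw in debug_text.splitlines():
        m = TS.match(raw.strip())
        if m:
            rows.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)))
    return rows

def summarize(debug_text):
    """Map request ID -> first/last mention, seconds between, and timeout lines."""
    rows = parse(debug_text)
    spans = {}
    for i, (_, text) in enumerate(rows):
        for rid in REQ.findall(text):
            first, _last = spans.get(rid, (i, i))
            spans[rid] = (first, i)  # keep first mention, extend to latest mention
    report = {}
    for rid, (first, last) in spans.items():
        window = rows[first:last + 1]
        report[rid] = {
            "start": rows[first][0],
            "end": rows[last][0],
            "waited_s": (rows[last][0] - rows[first][0]).total_seconds(),
            # Every line in the window that mentions "timeout"; review each hit by hand.
            "timeouts": [(t, s) for t, s in window if "timeout" in s.lower()],
        }
    return report

# Constructed sample for illustration, NOT real fnbamd output.
SAMPLE = """\
2022-02-28 10:15:01 received auth request 1001 for user1
2022-02-28 10:15:01 sending request to 192.0.2.10
continuation line without a timestamp
2022-02-28 10:15:06 timeout declared for 192.0.2.10
2022-02-28 10:15:06 auth request 1001 finished
2022-02-28 10:20:00 received auth request 1002 for user2
2022-02-28 10:20:42 auth request 1002 finished
"""

if __name__ == "__main__":
    for rid, r in summarize(SAMPLE).items():
        print(rid, r["waited_s"], "s,", len(r["timeouts"]), "timeout line(s)")
```

A wait that ends at the same number of seconds on every attempt, followed by a timeout line, points at the timeout value actually in effect on the FortiGate rather than at how quickly the Duo push was approved.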