Skip to main content
francesco98
francesco98
New Member
January 21, 2026
Question

MFA and FortiClient VPN

  • January 21, 2026
  • 3 replies
  • 454 views

Hello everyone,
we are currently implementing multi-factor authentication (MFA) on FortiClient VPN for our users.
From FortiClient EMS, I have correctly configured the domain, Zero Trust settings, and the related policies.

The issue occurs during the VPN connection phase: when MFA is enabled, the connection fails and is dropped, whereas disabling MFA allows the VPN connection to be established successfully without any issues.

At the moment, I am unable to identify the root cause of this problem.
Has anyone experienced a similar behavior or can suggest which checks should be performed?

3 replies

AEK
SuperUser
AEK
SuperUser
January 21, 2026

Hi Francesco

I guess you are using a radius server for MFA. In that case you need to check the RADIUS logs.

AEK
vpolovnikov
Staff & Editor
vpolovnikov
Staff & Editor
January 21, 2026

Hey Francesco,

As AEK has mentioned, I'd recommend checking the RADIUS logs on the authentication server (i.e. FortiAuthenticator, NPS, etc.).


In addition, you can check FortiGate GUI Event logs and search for authentication failures. It may give out some hints on what could be wrong.

And, I'd also recommend collecting FortiGate CLI diagnostics logs that you could later on submit to Fortinet support. It'll help them diagnose the issue effectively. This article may be helpful: https://community.fortinet.com/t5/FortiClient/Troubleshooting-Tip-Collecting-logs-for-addressing-VPN/ta-p/362101

francesco98
francesco98Author
New Member
January 22, 2026

Thank you very much for the help and the advice, I really appreciate it. In fact, I had no idea where to check the logs. Thank you again, and I wish you a good day!

Terms & ConditionsAccessibility statement