Description | This article provides solutions to increase the resiliency of road warrior and dial-up VPN connections against disconnection, without the need to save usernames and passwords or re-enter 2FA/MFA tokens. |
Scope | FortiClient SSL and IKEv2 dialup VPN with FortiGate as VPN gateway. |
Solution |
config system settings
config vpn ipsec phase1-interface
config vpn ipsec phase2-interface
config vpn ssl settings
To allow enough time for the remote authentication process to complete, the remote authentication timeout must be increased from its default value. This is mandatory for any kind of authentication that involves 2FA/MFA/token or SAML. The recommended minimum value is 60 seconds. Adjust the remote authentication timeout to the requirements of the environment: 60 seconds may not be enough in some environments, and higher values may be needed.
config system global
    set remoteauthtimeout 60
end
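To check this setting across saved configurations, the following added example (not part of the original article and not Fortinet tooling) parses a FortiGate configuration backup and reports whether remoteauthtimeout under config system global meets the 60-second minimum. The function names and the sample backup text are constructed for illustration, and it assumes a setting that is absent from the backup is still at its default value.

```python
RECOMMENDED_MIN = 60  # seconds; the minimum the article recommends

def global_settings(config_text):
    """Collect 'set' lines that sit directly under 'config system global'."""
    settings, stack = {}, []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        keyword = tokens[0]
        if keyword in ("config", "edit"):
            stack.append(" ".join(tokens[1:]))   # entering a nested block
        elif keyword in ("end", "next"):
            if stack:
                stack.pop()                      # leaving the current block
        elif keyword == "set" and stack == ["system global"] and len(tokens) >= 3:
            settings[tokens[1]] = " ".join(tokens[2:]).strip('"')
    return settings

def audit_remoteauthtimeout(config_text, minimum=RECOMMENDED_MIN):
    """Return (status, seconds): 'ok', 'too-low', or 'default' when unset."""
    value = global_settings(config_text).get("remoteauthtimeout")
    if value is None:
        return ("default", None)  # assumption: unset values are omitted from backups
    seconds = int(value)
    return ("ok" if seconds >= minimum else "too-low", seconds)

# Constructed sample backups (not taken from a real device).
SAMPLE_TUNED = """\
config system global
    set hostname "fgt-lab"
    set remoteauthtimeout 60
end
config user radius
    edit "lab-radius"
        set timeout 5
    next
end
"""
SAMPLE_UNTUNED = """\
config system global
    set hostname "fgt-lab"
end
"""

if __name__ == "__main__":
    for name, text in (("tuned", SAMPLE_TUNED), ("untuned", SAMPLE_UNTUNED)):
        print(name, audit_remoteauthtimeout(text))
```

A "default" result means the timeout was never raised on that device, which the article treats as too short for 2FA/MFA/token or SAML logins.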
|