akumarr
Staff
Article Id 202281
Description This article describes how to troubleshoot the RADIUS issue for SSL VPN.
Scope FortiGate
Solution

SSL VPN tunnel mode is enabled on the firewall and the RADIUS users have been imported to the FortiGate.

Make sure the user name on the RADIUS server and the user name imported into the FortiGate are identical. If they are not, the error 'credential or ssl vpn configuration is wrong (-7200)' is received.

Check the configuration below.


config user local
    edit "test"   <- Name of the user in firewall.
        set status enable
        set type radius


Since the user name on the firewall and on the RADIUS server is the same, authentication is successful and two-factor authentication works.



After the token was entered, the connection worked.




If the RADIUS user is mistakenly saved with a different user name, the VPN will not work.


config user local
    edit "Test"  <- The name has been changed from test to Test.
        set status enable
        set type radius


An attempt to connect the VPN now fails.



This is because the user name is case-sensitive. After making the change below, the VPN connects.

 

Note:

This option is only available when two-factor authentication is enabled for the user.

 

config user local
    edit "Test"
        set status enable
        set type radius
        set username-case-sensitivity disable   <- Disables case-sensitive matching of the user name.
end


Note:

As of FortiOS 7.0.1 and above, the syntax of the command has been changed to 'username-sensitivity'.
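
The following Python check is an added example, not part of the original article and not a Fortinet tool. It scans a 'config user local' block for RADIUS users whose name differs from the RADIUS server's name only by letter case while case-sensitive matching is still in effect, accepting either option name mentioned above. The sample configuration, the RADIUS account list and the function names are constructed for illustration.

```python
import re

# Constructed excerpt of a FortiGate configuration backup (not the article's device).
SAMPLE_CONFIG = """\
config user local
    edit "Test"
        set type radius
    next
    edit "alice"
        set type radius
    next
    edit "Bob"
        set type radius
        set two-factor fortitoken
        set username-sensitivity disable
    next
end
"""
# Constructed list of account names exactly as stored on the RADIUS server.
RADIUS_NAMES = ["test", "alice", "bob"]

def parse_local_users(config_text):
    """Return {user name: {setting: value}} from the 'config user local' block."""
    users, current, in_block = {}, None, False
    for line in map(str.strip, config_text.splitlines()):
        if line == "config user local":
            in_block = True
        elif in_block and line == "end":
            in_block, current = False, None
        elif in_block and (m := re.match(r'edit "([^"]+)"', line)):
            current = users.setdefault(m.group(1), {})
        elif current is not None and (m := re.match(r'set (\S+) "?([^"\s]+)', line)):
            current[m.group(1)] = m.group(2)
    return users

def case_mismatches(config_text, radius_names):
    """List (firewall name, RADIUS name) pairs that differ only by letter case."""
    by_lower = {name.lower(): name for name in radius_names}
    findings = []
    for name, cfg in parse_local_users(config_text).items():
        server_name = by_lower.get(name.lower())
        # The option is named differently before and after FortiOS 7.0.1.
        relaxed = "disable" in (cfg.get("username-case-sensitivity"),
                                cfg.get("username-sensitivity"))
        if cfg.get("type") == "radius" and server_name not in (None, name) and not relaxed:
            findings.append((name, server_name))
    return findings
```

Each reported pair is a user that would hit the -7200 error described above until the name is corrected or case-sensitive matching is disabled for that user.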