FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
chaithrar
Staff
Staff
Description
This configuration adds multi-factor authentication (MFA) to the FortiClient VPN configuration.
It uses one of the two free mobile FortiTokens that is already installed on the FortiGate.

This article describes how to configure multi-factor authentication.

Solution
To configure MFA from GUI.

1) Edit the user:
- Go to User & Authentication -> User Definition and edit local user vpnuser1.
- Enable Two-factor Authentication and select one mobile FortiToken from the list.
- Enter the user's Email Address.
- Enable Send Activation Code and select Email.
- Select 'Next' and select 'Submit'.

2) Activate the mobile FortiToken.
- When a FortiToken is added to user vpnuser1, an email is sent to the user's email address.
Follow the instructions to install the  FortiToken mobile application on the unit and activate the FortiToken.

To configure MFA from CLI.

1) Edit the user and user group:
# config user local
    edit "vpnuser1"
        set type password
        set two-factor fortitoken
        set fortitoken <select mobile token for the option list>
        set email-to <user's email address>
        set passwd <user's password>
    next
end
2) Activate the mobile FortiToken.
- When a FortiToken is added to user vpnuser1, an email is sent to the user's email address.
Follow the instructions to install the FortiToken mobile application on the unit and activate the FortiToken.

Contributors