FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This configuration adds multi-factor authentication (MFA) to the FortiClient VPN configuration. It uses one of the two free mobile FortiTokens that is already installed on the FortiGate.
This article describes how to configure multi-factor authentication.
Solution To configure MFA from GUI.
1) Edit the user: - Go to User & Authentication -> User Definition and edit local user vpnuser1. - Enable Two-factor Authentication and select one mobile FortiToken from the list. - Enter the user's Email Address. - Enable Send Activation Code and select Email. - Select 'Next' and select 'Submit'.
2) Activate the mobile FortiToken. - When a FortiToken is added to user vpnuser1, an email is sent to the user's email address. Follow the instructions to install the FortiToken mobile application on the unit and activate the FortiToken.
To configure MFA from CLI.
1) Edit the user and user group:
# config user local edit "vpnuser1" set type password set two-factor fortitoken set fortitoken <select mobile token for the option list> set email-to <user's email address> set passwd <user's password> next end
2) Activate the mobile FortiToken. - When a FortiToken is added to user vpnuser1, an email is sent to the user's email address. Follow the instructions to install the FortiToken mobile application on the unit and activate the FortiToken.
