adimailig
Staff
Article Id 224379
Description This article describes how to use FortiToken when connecting to an IPsec dial-up VPN using the iOS native VPN client.
Scope FortiGate
Solution

The iOS native IPsec VPN client does not prompt for two-factor authentication. Instead, the token code is appended to the password during authentication, in the format 'password+2FA'.

Example:

Password:  p@ssw0rd
Token Code:  345678

The user enters p@ssw0rd345678 when prompted for the password.

Debug logs showing concatenation of the FortiToken code:


[1909] handle_req-Rcvd auth req 2040096264 for anabel in IPSEC_LDAP_2FA opt=00000000 prot=5
<>
[927] retry_concatenated_fortitoken-Retrying for concatenated pwd & FTK for req 2040096264
<>
[2679] fnbamd_ldap_result-Result for ldap svr 10.10.10.1(LDAP_SERVER) is SUCCESS
[1642] fnbam_user_auth_group_match-req id: 2040096264, server: LDAP_SERVER, local auth: 0, dn match: 1
[1598] __group_match-Group 'IPSEC_LDAP_2FA' passed group matching
[1601] __group_match-Add matched group 'IPSEC_LDAP_2FA'(4)
[2690] fnbamd_ldap_result-Passed group matching
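
When troubleshooting, the debug output above can be summarized per request to confirm that the concatenated-token retry ran and that LDAP and group matching passed. The following is an added example, not Fortinet code: the function name summarize and the regular expressions are assumptions derived only from the log lines shown in this article, and lines that carry no request id are attributed to the most recently received request.

```python
import re

# Debug excerpt copied from the article above ("<>" marks elided output).
SAMPLE = """\
[1909] handle_req-Rcvd auth req 2040096264 for anabel in IPSEC_LDAP_2FA opt=00000000 prot=5
<>
[927] retry_concatenated_fortitoken-Retrying for concatenated pwd & FTK for req 2040096264
<>
[2679] fnbamd_ldap_result-Result for ldap svr 10.10.10.1(LDAP_SERVER) is SUCCESS
[1642] fnbam_user_auth_group_match-req id: 2040096264, server: LDAP_SERVER, local auth: 0, dn match: 1
[1598] __group_match-Group 'IPSEC_LDAP_2FA' passed group matching
[1601] __group_match-Add matched group 'IPSEC_LDAP_2FA'(4)
[2690] fnbamd_ldap_result-Passed group matching
"""

LINE = re.compile(r"^\[\d+\]\s+(\w+)-(.*)$")          # "[line] function-message"
REQ = re.compile(r"Rcvd auth req (\d+) for (\S+) in (\S+)")
RETRY = re.compile(r"concatenated pwd & FTK for req (\d+)")
LDAP = re.compile(r"Result for ldap svr (\S+?)\((\w+)\) is (\w+)")
GROUP = re.compile(r"Group '([^']+)' passed group matching")


def summarize(text):
    """Return {req_id: summary} for each auth request seen in the debug text."""
    reqs, current = {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skips "<>" elision markers and blank lines
        func, msg = m.groups()
        if func == "handle_req" and (r := REQ.search(msg)):
            current = r.group(1)
            reqs[current] = {"user": r.group(2), "group": r.group(3),
                             "concatenated_token": False,
                             "ldap_result": None, "matched_groups": []}
        elif func == "retry_concatenated_fortitoken" and (r := RETRY.search(msg)):
            if r.group(1) in reqs:
                reqs[r.group(1)]["concatenated_token"] = True
        elif current is None:
            continue  # result lines seen before any request was received
        elif func == "fnbamd_ldap_result" and (r := LDAP.search(msg)):
            reqs[current]["ldap_result"] = r.group(3)
        elif func == "__group_match" and (r := GROUP.search(msg)):
            reqs[current]["matched_groups"].append(r.group(1))
    return reqs

if __name__ == "__main__":
    for rid, info in summarize(SAMPLE).items():
        print(rid, info)
```

A request whose summary shows concatenated_token as False means the retry_concatenated_fortitoken line never appeared for it in the captured output.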

Comments
janonuevo
Staff

Well-articulated! Kudos! 

jbernabe
Staff

This is very informative and helpful. Kudos to the Author!
