| Description | This article describes how to configure VIP Policy with FortiAuthenticator 2-Factor suthentication on VIP Policy. |
| Scope | |
| Solution |
FortiGate Configuration:
1) Configure Radius server (FortiAuthenticator IP).
2) Configure group.
3) Configure VIP.
4) Configure firewall policy.
5) Configure on the CLI.
# config user setting # config auth-ports edit 1 set port 8080 # <----- Port should match the External service port on VIP. next end end
# config system global set remoteauthtimeout 60 end
FortiAuthenticator configuration:
1) Create user on FortiAuthenticator with 2FA enabled.
2) Configure Radius Client (FortiGate IP).
3) Configure Radius policy.
Testing.
1) Access using the VIP External IP. Login with username and password.
2) Enter the FortiToken.
3) Successful login.
Logs.
FortiGate:
FortiAuthenticator:
 |
