nathan_h
Staff
Description

This article describes how to configure a VIP policy with FortiAuthenticator two-factor authentication.
Scope  
Solution

FortiGate Configuration:

 

1) Configure the RADIUS server (FortiAuthenticator IP).

 


2) Configure the user group.

 


3) Configure the VIP.

 


4) Configure the firewall policy.

 


5) Configure the authentication port and the remote authentication timeout on the CLI. The auth port should match the External service port on the VIP.

config user setting
    config auth-ports
        edit 1
            set port 8080
        next
    end
end

config system global
    set remoteauthtimeout 60
end
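A CLI sketch of FortiGate steps 1) to 4), given here as an added example and not taken from the original article. Every object name, IP address, interface and the shared secret is a constructed placeholder, and the VIP external port is assumed to be 8080 so that it matches the auth port set in step 5).

```text
# Added example: all names, addresses and interfaces are placeholders.

# 1) RADIUS server pointing at FortiAuthenticator
config user radius
    edit "FAC-RADIUS"
        set server "192.0.2.10"
        set secret <shared-secret>
    next
end

# 2) User group that authenticates against that RADIUS server
config user group
    edit "FAC-2FA-Group"
        set member "FAC-RADIUS"
    next
end

# 3) VIP with port forwarding; extport matches the auth port (8080)
config firewall vip
    edit "VIP-Web-8080"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.0.0.10"
        set portforward enable
        set extport 8080
        set mappedport 80
    next
end

# 4) Policy to the VIP that requires membership of the 2FA group
config firewall policy
    edit 0
        set name "VIP-2FA"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "VIP-Web-8080"
        set schedule "always"
        set service "HTTP"
        set action accept
        set groups "FAC-2FA-Group"
    next
end
```

The shared secret must be identical to the one entered for the RADIUS client on FortiAuthenticator, and `srcaddr` can be narrowed to known source ranges where the user population allows it.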

 

FortiAuthenticator configuration:

 

1) Create a user on FortiAuthenticator with 2FA enabled.

 


2) Configure the RADIUS client (FortiGate IP).

 


3) Configure the RADIUS policy.

 



Testing.

 

1) Access the service using the VIP external IP. Log in with the username and password.

 


2) Enter the FortiToken code.

 


3) Successful login.

 


Logs.

 

 FortiGate:

 


FortiAuthenticator:

 
