Hi Guys,
Is it possible to directly integrate the on-premise FortiGate with SSL VPN use case to my Microsoft Authenticator to be my 2FA mechanism? Or, should I use a RADIUS server like FortiAuthenticator where the FortiAuthenticator will be the integration point of my FGT, AD, and Microsoft Authenticator? Thank you.
Thanks
Hello @FXE_FTNT ,
If you use Azure AD, you can use Microsoft Authenticator with SAML integration directly. But if you want to use RADIUS, you need to integrate FortiGate into NPS.
You can review these documents.
https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension
Hi @ozkanaltas , but will this work if my FortiGate is the hardware type?
Hi @FXE_FTNT ,
Yes, of course.
The difference in FortiGate deployment types does not change anything, because they all run the same operating system.
Hi @ozkanaltas , I see, so basically, I just need access to Azure from my hardware-based FortiGate, correct?
Created on 01-19-2024 12:54 AM Edited on 01-19-2024 12:56 AM
Hi @FXE_FTNT ,
If you want to use SAML for authentication, yes, that's right. FortiGate access to Azure is enough.
But if you want to use RADIUS for authentication, you need to install one Windows server and activate the NPS feature on this server. After that, you can configure the NPS server and your FortiGate.
Hi @ozkanaltas just to clarify, if I use only the SAML method, I can also use the Microsoft MFA as the 2FA mechanism for my VPN users?
Also, I have been watching some tutorials and I saw that they are installing the "FortiGate SSL VPN" application in their Azure. May I know what the purpose of it is? Thank you
Hi @FXE_FTNT ,
Yes, you can use Microsoft MFA, because SAML works differently from other auth methods. This method uses browser authentication for your auth request, like a login to your Outlook web app. If you have already configured 2FA for your users, you do not need to do anything on your Azure AD. You just need to integrate your FortiGate and Azure environment. If you prefer this way, you can follow the document below.
https://learn.microsoft.com/tr-tr/entra/identity/saas-apps/fortigate-ssl-vpn-tutorial
Actually, I don't understand how they installed the FortiClient SSL VPN app on their Azure. If you share this content with us, I can give comments about this.
Hi @ozkanaltas , thank you so much for your help.
About the FortiGate SSL VPN app in Azure, I saw it in this tutorial and I am not sure what the purpose of it is. https://www.youtube.com/watch?v=nDH2wvveLrI
Created on 01-19-2024 01:19 AM Edited on 01-19-2024 01:41 AM
Hi @FXE_FTNT ,
I now understand the meaning of the FortiGate application. Actually, this is not like an application deployment. This is just deploying pre-configured settings on Azure SAML.
Also, the FortiClient VPN application in the video is a VPN client for clients. If you want to connect to a VPN with your client, you have two options: web or FortiClient. You can use both options to connect to the VPN.
I think this video is a good guide for SAML integration. You can follow it.
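For reference, the FortiGate side of the SAML option discussed in this thread, as an added example that is not from any participant's post. It follows the general shape of the Microsoft tutorial linked above; every value in angle brackets and the names `azure` and `AzureVPN-Users` are placeholders, and the `#` lines are annotations to drop before pasting.

```fortios
# Give users time to answer the Microsoft Authenticator prompt
# before the FortiGate abandons the pending login.
config system global
    set remoteauthtimeout 60
end

# FortiGate acts as the SAML service provider (SP); Microsoft Entra ID
# (Azure AD) is the identity provider (IdP). MFA is enforced at the IdP,
# so no second-factor settings are configured on the FortiGate itself.
config user saml
    edit "azure"
        # Certificate the FortiGate presents on the SSL VPN portal
        set cert "<fortigate-server-cert>"
        # SP URLs: must match the Identifier, Reply URL and Logout URL
        # entered in the "FortiGate SSL VPN" enterprise application
        set entity-id "https://<vpn-fqdn>:<port>/remote/saml/metadata"
        set single-sign-on-url "https://<vpn-fqdn>:<port>/remote/saml/login"
        set single-logout-url "https://<vpn-fqdn>:<port>/remote/saml/logout"
        # IdP values copied from the enterprise application's SAML page
        set idp-entity-id "https://sts.windows.net/<tenant-id>/"
        set idp-single-sign-on-url "https://login.microsoftonline.com/<tenant-id>/saml2"
        set idp-single-logout-url "https://login.microsoftonline.com/<tenant-id>/saml2"
        # Entra SAML signing certificate, imported as a remote certificate;
        # assertions not signed by it are rejected
        set idp-cert "<entra-signing-cert>"
        # Claim names carrying the user and group in the assertion
        set user-name "username"
        set group-name "group"
    next
end

# Only members of one Entra group are mapped to the VPN user group,
# so a valid tenant login alone does not grant VPN access.
config user group
    edit "AzureVPN-Users"
        set member "azure"
        config match
            edit 1
                set server-name "azure"
                set group-name "<entra-group-object-id>"
            next
        end
    next
end
```

The user group still has to be referenced in the SSL VPN authentication rule and in a firewall policy before it grants access.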