- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FGT SSL VPN with Microsoft Authenticator
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FGT SSL VPN with Microsoft Authenticator
Hi Guys,
Is it possible to directly integrate the on-premise FortiGate with SSL VPN use case to my Microsoft Authenticator to be my 2FA mechanism? Or, should I use a RADIUS server like FortiAuthenticator where the FortiAuthenticator will be the integration point of my FGT, AD, and Microsoft Authenticator? Thank you.
Thanks
Solved! Go to Solution.
Labels:
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @FXE_FTNT ,
If you use Azure AD, you can use Microsoft Authenticator with SAML integration directly. But if you want to use Radius, you need to integrate Fortigate into NPS.
You can review these documents.
https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it
easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ozkanaltas , thank you so much for your help.
About the FortiGate SSL VPN app in Azure, I saw it in this tutorial and I am not sure what is the purpose of it. https://www.youtube.com/watch?v=nDH2wvveLrI
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @FXE_FTNT ,
If you use Azure AD, you can use Microsoft Authenticator with SAML integration directly. But if you want to use Radius, you need to integrate Fortigate into NPS.
You can review these documents.
https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it
easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ozkanaltas , but will this work if my FortiGate is the hardware type?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @FXE_FTNT ,
Yes of course.
The difference in FortiGate deployment types does not change anything. Because they all run the same operating system.
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it
easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ozkanaltas , I see, so basically, I just need access to Azure from my hardware-based FortiGate correct?
Created on 01-19-2024 12:54 AM Edited on 01-19-2024 12:56 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @FXE_FTNT ,
If you want use saml for authentication yes, that's right. Fortigate access to Azure, it's enough.
But if you want to use RADIUS for authentication. You need to install one Windows server and you need to activate the NPS feature on this server. After that, you can configure nps server and your Fortigate.
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it
easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ozkanaltas just to clarify, if I use only the SAML method, I can also use the Microsoft MFA as the 2FA mechanism for my VPN users?
Also, I have been watching over some tutorials and I saw that they are installing "FortiGate SSL VPN" application in their Azure, may I know what is the purpose of it? Thank you
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @FXE_FTNT ,
Yes, you can use Microsoft MFA. Because saml works differently from other auth methods. This method uses browser authentication for your auth request. Like a login to your Outlook web app. If you already configured 2FA for your users. Do not need to do anything on your Azure AD. Just need to integrate with your Fortigate and Azure environment. If you prefer this way, you can follow the below document.
https://learn.microsoft.com/tr-tr/entra/identity/saas-apps/fortigate-ssl-vpn-tutorial
Actually, I don't understand how they installed the FortiClient SSL VPN app on their Azure. If you share this content with us, I can give comments about this.
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it
easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ozkanaltas , thank you so much for your help.
About the FortiGate SSL VPN app in Azure, I saw it in this tutorial and I am not sure what is the purpose of it. https://www.youtube.com/watch?v=nDH2wvveLrI
Created on 01-19-2024 01:19 AM Edited on 01-19-2024 01:41 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @FXE_FTNT ,
I understand now the meanings of the Fortigate Application. Actually, this is not like application deployment. This is just deploying pre-configured settings on Azure SAML.
Also, the FortiClient VPN Application in the video is a VPN client for clients. If you want to connect a VPN with your client you have two options Web or FortiClient. You can use both options to connect to the VPN.
I think this video is a good guide for SAML integration. You can follow it.
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it
easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Related Posts
- LDAPS issue, 'Can't contact LDAP server' 322 Views
- After upgrade to authenticator 6.5.4 issues... 75 Views
- Setting SSL/SSH inspection profile causes most... 209 Views
- FortiEMS / FortiClient / Azure 109 Views
- FortiGate SSL / Integration with Azure... 194 Views
Labels
-
FortiGate
6,528 -
FortiClient
1,303 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
59 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.