Hello,
Our FortiClient SSL VPN users connect using a username and password with a push prompt for MFA using Cisco Duo. The FortiGate has a RADIUS connection to a server running Duo proxy. Everything works great until the auth timeout is reached. When the auth timeout is reached, users are prompted to accept the MFA/Duo push but they aren't asked to sign into the FortiClient again with their username and password. All the user has to do to stay connected is to accept the MFA push without having to re-enter their credentials. I want the users to have to re-enter their credentials plus the MFA push, not just the MFA push.
Does anyone know why this is happening?
Hello @jseeley ,
Please try increasing the remoteauthtimeout value to 120 and see if it works. That setting is under global. You can use the following commands:
config sys global
set remoteauthtimeout 120
end
Test again to see if that helps.
Reference articles:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-and-two-factor-expiry-timers...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explaining-global-set-remoteauthtimeout-us...
Hi @jseeley,
What is the FortiClient version? Is it managed by FortiClient EMS? Do you have "Save Password" option enabled on FortiClient? https://docs.fortinet.com/document/forticlient/7.2.1/administration-guide/437773/save-password-auto-...
Regards,