Hello, everyone,
We still have the task open that we would like to connect our end users via IpSec VPN and ensure 2FA via the Fortitoken Cloud. Unfortunately, this has not been possible for several years. After doing the test for the repeated time today and it still doesn't work, I'm really starting to ask myself why this should be such a problem. Does anyone work with you?
FortiOS 7.2.3 FortiClient 7.0.2
We are due to update to FortiEMS 7.0.7 in the near future. But before I go to the trouble of updating the EMS, I would be interested to know whether this is finally possible afterwards.
Regards,
Andy
Hey Fortibeast,
I'm not aware of any particular issues with FortiTokenCloud related to FortiClient of any sort.
For FortiClient, the tokens should be treated much the same whether they are Cloud tokens, mobile tokens or hardware tokens.
It's primarily up to the FortiGate or FortiAuthenticator to handle token prompt and associate users with tokens (and then require them in VPN or other authentication context). Could you share some more information as to your FortiGate side setup?
- what firmware version are you using?
- is this IKEv2 IPSec? There were some issues with tokens for remote users in some firmware versions if I remember (don't think 7.2.3 was one of them though)
- have you tested SSLVPN to see if this is an IPSec-specific issue?
- what exact error are you getting? Does the tunnel setup break down at a specific point (and works without token)? Is the issue restricted to Cloud tokens, or does it also crop up with mobile tokens? (For testing, you should have two free mobile tokens on your FortiGate/FortiAuthenticator you can try instead of a Cloud token)
As mentioned above, from FortiClient perspective it shouldn't really matter what type of token the user has; it should only matter if a token is requested or not, and FortiClient shouldn't really behave any differently for the different token options.
Hi
Thanks for your feedback. Which versions I'm currently using is in the thread ;)
The whole thing works via SLS-VPN, it is a problem with IKEv2 IPSec. In the meantime, this has also been confirmed to me by several parties and I have now created a ticket with Fortinet, which is currently being verified.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.