FortiClient does not have "Push" option when using IPSEC VPN
I've had 2FA working again Authenticator for some time but recently was tasked with turning on the push notifications but my FortiClient does not have a "Push" button and I really never knew it was supposed to. I thought when you made the authentication request (logged in when prompted by the VPN config) that it would go ahead and ask you to input the token AND still accept the push, but from the 6.4.8 Release Notes it would appear that I should have the option to select "push" OR to enter my code:
To connect VPN with FortiToken Mobile using push notifications: 1.On theRemote Accesstab, select the VPN connection from the dropdown list. 2.Enter your username and password and click theConnectbutton. TheClick on 'FTM Push' or enter token codebox displays. 3.ClickFTM Push. Your device with FortiToken Mobile installed receives a notification. 4.On your device with FortiToken Mobile installed, tap the notification and follow the instructions to allow the authentication request and complete network authentication without typing the token code. You can also deny the authentication request, or do nothing and let the notification request expire.
I have my Authenticator configured for PUSH and have seen a request hit my FortiToken Mobile but no matter if I hit "approve" or "deny", the VPN times out. Never though have I seen the option to: TheClick on 'FTM Push button so is there something wrong with my deployment package in EMS perhaps then??
5)Optionally: The user can, instead of accepting the push notification, also simply enter the token code. FortiAuthenticator should receive this as another Access-Request, and accept the token code even if push notification has been initiated. This option might not be available if a user actively triggered push notification by sending an empty code or typing in 'push'.
I just tested it and it works. You can enable push notification in RADIUS policy in FAC and when trying to connect through IPSec VPN (FortiClient), you just type "push" instead of actual token in token field and then you recieve push notification on mobile app and can aprove login that way. And boom you are connected.
Only weird thing is that I will not get the push notification automaticaly when I enter credentials like with SSL VPN.
So the main question is, when push notification with IPSec VPN from FCT works, why cant we get this functionality with automatic push send as with SSL VPN? Or is there some release note on FAC/FCT where I just missed this feature?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.