It's been nearly a year since I moved from Cisco to Fortinet and I have to say MFA is extremely buggy. Currently running v7.4.1 build2463. We are using LDAP to create our user accounts and then add the user into a local user group on the FortiGate, then finally enabling two-factor. We will run into issues where a user will be entering in the correct username, password, and MFA token but a (using FortiTokens) message like VPN server is unreachable is thrown on the client side. I've tried debugging with no luck and I've also had a few tickets opened with support and once again no resolution. Starting to think I should have never switched to Fortinet. The only fix we can come up with is to disable MFA and then reboot the device and then the user can finally connect but only using only password authentication. Has anyone else dealt with this issue and if so what was your fix? I can't be the only one with this problem. Thanks in advance!
Sorry for the late response, but none of the aforementioned changes worked. I had two users last week who could not connect when MFA is enabled. The only fix was to disable MFA, reboot, and then the user was able to login to the VPN. Very frustrating for everyone.
Hi,
don't have the exact same scenario... I don't use a LDAP-Server for that.
All users are configured as local users and MFA via mail works fine.
Can you try your setup with a local user instead of a LDAP user?
I know that it doesn't solve your current problem, but maybe it narrows down to the actual source of the error.
Best regards
Immu
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.