ScottyT
New Contributor II

FortiClient EMS IPSEC VPN w/MFA

We are rolling out the IPSEC VPN delivered to Windows laptops using the EMS client. Right now, we have the LDAP authentication for the IPSEC VPN integrated with Duo MFA. Users receive a Duo push to their mobile phones at every VPN login or reconnect.

Does anyone have a better MFA approach that would allow the device/user to be "trusted" for a period of time, so they don't get repetitive MFA prompts at every VPN login? I know there are lots of SSO/Integration options with the SSL VPN, but that appears to be going away, thanks to all the security issues. I can't find one that will integrate via LDAP/RADIUS with the IPSEC VPN. Thanks!

Stephen_G
Moderator

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Stephen - Fortinet Community Team
ScottyT
New Contributor II

Thanks. I think I found the solution - the article below describes how to use Azure IdP as the provider with IPSEC VPN. I can then control the MFA prompting using Azure Conditional Access Policies.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-Dialup-IPsec-with-Azure-SAML-as-...
