We are rolling out the IPSEC VPN delivered to Windows laptops using the EMS client. Right now, we have the LDAP authentication for the IPSEC VPN integrated with Duo MFA. Users receive a Duo push to their mobile phones at every VPN login or reconnect.
Does anyone have a better MFA approach that would allow the device/user to be "trusted" for a period of time, so they don't get repetitive MFA prompts at every VPN login? I know there are lots of SSO/Integration options with the SSL VPN, but that appears to be going away, thanks to all the security issues. I can't find one that will integrate via LDAP/Radius with the IPSEC VPN. Thanks!
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Thanks. I think I found the solution - the article below describes how to use Azure IdP as the provider with IPSEC VPN. I can then control the MFA prompting using Azure Conditional Access Policies.
Copyright 2024 Fortinet, Inc. All Rights Reserved.