Fortigate SSL VPN + Duo Security + RADIUS Authentication + VDOM's
Good evening.
I have a pair of FGT-100D's in HA configuration, WITH VDOM's. I'm trying to configure the Duo Security RADIUS 2FA using the details here: https://duo.com/docs/fortinet. It's pretty clear that when using RADIUS auth, you need to increase the timeout or you won't have time to accept the push, and the default is 5 seconds, which is exactly what I'm seeing from my FortiClient in testing.
Their document includes:
#config system global
#set remoteauthtimeout 60
#end
Which of course is not 'correct' for a VDOM configuration, which should be:
# conf global
# conf system global
# set remoteauthtimeout 60
# end
Based on my observation though, it appears that this does nothing to affect a VDOM with a RADIUS auth source configured. Is there a hidden command setting somewhere I might need to make this work? I do have an open ticket with both Fortinet and Duo, but thought I'd ask in the forums. If I get a working answer back, I'll update. In the interim, I need to find a non-HA, and/or non-VDOM configuration to test with and see/confirm if that is in fact the issue, or if there is something else.
Thanks.
Labels: 5.2
Hello,
You may try using the CLI: config global / config system global / set two-factor-fac-expiry 300 / end, if your RADIUS server returns a Challenge to ask for 2FA. Thanks.
I wanted to try the DUO for two-factor authentication. Were you able to figure out the fix?
Here's a short blog on what we've done with Duo:
http://socpuppet.blogspot...slvpn-with-mfa-by.html
PCNSE
NSE
StrongSwan
Hi, this did not work for me and I am experiencing the same problem. In 5 seconds the auth times out and the push comes after, even with these settings both at 300. How do we get the timer to 300 for a VDOM which contains the SSL VPN portal and settings?
