Fortigate SSL VPN + Duo Security + RADIUS Authentication + VDOM's

Good evening.  


I have a pair of FGT-100D's in HA configuration, WITH VDOM's. I'm trying to configure the Duo Security RADIUS 2FA using the details here:  It's pretty clear that when using RADIUS auth, you need to increase the timeout or you won't have time to accept the push, and the default is 5 seconds - which is exactly what I'm seeing from my FortiClient in testing.


Their document includes:

#config system global

#set remoteauthtimeout 60

#end

Which of course is not 'correct' for a VDOM configuration, which should be:

# conf global

# conf system global

# set remoteauthtimeout 60

# end


Based on my observation though, it appears that this does nothing to affect a VDOM with a RADIUS auth source configured. Is there a hidden command setting somewhere I might need to make this work? I do have an open ticket with both Fortinet and Duo, but thought I'd ask in the forums.  If I get a working answer back, I'll update.  In the interim, I need to find a non-HA, and/or non-VDOM configuration to test with and see/confirm if that is in fact the issue, or if there is something else.  





You may try using the CLI, if your RADIUS server returns a Challenge to ask for 2FA:

config global

config system global

set two-factor-fac-expiry 300

end

Thanks.



I wanted to try the DUO for two-factor authentication.  Were you able to figure out the fix?

Here's a short blog on what we've done with Duo







Hi, this did not work for me and I am experiencing the same problem. In 5 seconds the auth times out and the push comes after, even with these settings both at 300. How do we get the timer to 300 for a VDOM which contains the SSL VPN portal and settings?