I have a pair of FGT-100Ds in HA configuration, WITH VDOMs. I'm trying to configure the Duo Security RADIUS 2FA using the details here: https://duo.com/docs/fortinet. It's pretty clear that when using RADIUS auth, you need to increase the timeout or you won't have time to accept the push, and the default is 5 seconds - which is exactly what I'm seeing from my FortiClient in testing.
Their document includes:
# config system global
# set remoteauthtimeout 60
Which of course is not 'correct' for a VDOM configuration, which should be:
# conf global
# conf system global
# set remoteauthtimeout 60
Based on my observation though, it appears that this does nothing to affect a VDOM with a RADIUS auth source configured. Is there a hidden command setting somewhere I might need to make this work?
I do have an open ticket with both Fortinet and Duo, but thought I'd ask in the forums. If I get a working answer back, I'll update. In the interim, I need to find a non-HA, and/or non-VDOM configuration to test with and see/confirm if that is in fact the issue, or if there is something else.
Hi, this did not work for me and I am experiencing the same problem. In 5 seconds the auth times out and the push comes after, even with these settings both at 300. How do we get the timer to 300 for a VDOM which contains the SSL VPN portal and settings?