Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AWoroch
New Contributor

Created on ‎06-10-2016 09:36 PM

Fortigate SSL VPN + Duo Security + RADIUS Authentication + VDOM's

Good evening.  

 

I have a pair of FGT-100D's in HA configuration, WITH VDOM's.  I'm trying to configure the Duo Security RADIUS 2FA using the details here: https://duo.com/docs/fortinet.  It's pretty clear that when using RADIUS auth, you need to increase the timeout or you won't have time to accept the push, and the default is 5 seconds - which is exactly what i'm seeing from my FortiClient in testing.  

 

Their document includes:

#config system global #set remoteauthtimeout 60 #end

Which of course is not 'correct' for a VDOM configuration, which should be:

# conf global

# conf system global

# set remoteauthtimeout 60

# end

 

Based on my observation though, it appears that this does nothing to affect a VDOM with a RADIUS auth source configured. Is there a hidden command setting somewhere I might need to make this work? I do have an open ticket with both Fortinet and Duo, but thought I'd ask in the forums.  If I get a working answer back, I'll update.  In the interim, I need to find a non-HA, and/or non-VDOM configuration to test with and see/confirm if that is in fact the issue, or if there is something else.  

 

Thanks.

Labels:
14568
0 Kudos
4 REPLIES 4
Jeff_FTNT
Staff
Staff

Created on ‎06-14-2016 04:08 PM

Hello,

You may try use CLI:config global/config system global/    set two-factor-fac-expiry 300 /end, if your Radius server return Challenge to ask 2FA, thanks.

 

4552
0 Kudos
khangaroo
New Contributor
In response to Jeff_FTNT

Created on ‎11-08-2017 12:43 PM

I wanted to try the DUO for two-factor authentication.  Were you able to figure out the fix?

4552
0 Kudos
emnoc
Esteemed Contributor III
In response to khangaroo

Created on ‎11-09-2017 07:44 AM

Here's a short blog on what we've done with duo

 

http://socpuppet.blogspot...slvpn-with-mfa-by.html

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
4552
0 Kudos
geseront
New Contributor
In response to Jeff_FTNT

Created on ‎02-25-2022 06:10 AM

Hi, this did not work for me and I am experiencing the same problem. In 5 seconds the auth times out and the push comes after, even with these settings both at 300. How do we get the timer to 300 for a VDOM which contains the SSL VPN portal and settings?

3815
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.