Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
asapHO
New Contributor

Created on ‎11-07-2016 11:07 PM

Has anyone implemented TwoFactor SSL-VPN Portal with RADIUS/ActiveDirectory?

Hi community,

 

I'm unable to configure a working two factor authentication with my fortigate unit. I have a working SSL-VPN Portal using either Windows Active Directory authentication (LDAP; username & password) or RADIUS OTP Token authentication (using SafeNet Authentication Manager 8.2; username and one time passcode). Right now I want to implement the Portal using both - LDAP Authentication AND OTP (the same time) so that a username and password combination cannot be cracked (that easy) using brute force attacks.

 

Has anyone done this or something like this before?

 

Thanks for your Feedback,

 

best regards

Labels:
24420
0 Kudos
14 REPLIES 14
asapHO
New Contributor
In response to flexyz

Created on ‎01-19-2017 11:45 PM

Hi Community,

 

thanks for all your Feedback, I've already implemented 2-factor by adjusting the RADIUS Plugin of SAM to check both, a mix of Windows Password and PIN. This works quite good but was somewhat compliacted to adjust - also to Keep in mind that you Need to reenroll your OTP Token to activate the new OTP Policy.

 

So the solution was provided by SafeNet self.

 

Thanks for all your responses - best regards

2296
0 Kudos
boneyard
Valued Contributor
In response to asapHO

Created on ‎01-22-2017 03:23 AM

thank your for sharing your information asapHO.

 

do you have a link to the documentation what you used to build this? how does it work now on the fortigate side, do you enter username / password and on the next field pincode or differently?

 

btw: are you using safenet on premise or cloud?

2296
0 Kudos
sedanoc
New Contributor
In response to boneyard

Created on ‎12-24-2017 02:57 AM

Hi Community,

asapHO

Can you please help me with the final solution documentation?

I am facing the same issues right now   !!

 

 

2296
0 Kudos
emnoc
Esteemed Contributor III
In response to sedanoc

Created on ‎12-24-2017 05:30 PM

Here's my DUO MFA with sslvpn.  for  fortigate=fortitoken article, that I wrote up. You have  a few cookbooks/KBs and   other items to google.

 

http://socpuppet.blogspot...slvpn-with-mfa-by.html

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2296
0 Kudos
boneyard
Valued Contributor
In response to emnoc

Created on ‎12-26-2017 05:38 AM

thanks emnoc, that is quite a write up.

 

though i kinda believe that the last questions / requests are mainly focused at Gemalto / Safenet MFA integration. which asapHO seems that have done.

2296
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.