Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
asapHO
New Contributor

Has anyone implemented TwoFactor SSL-VPN Portal with RADIUS/ActiveDirectory?

Hi community,

 

I'm unable to configure a working two factor authentication with my fortigate unit. I have a working SSL-VPN Portal using either Windows Active Directory authentication (LDAP; username & password) or RADIUS OTP Token authentication (using SafeNet Authentication Manager 8.2; username and one time passcode). Right now I want to implement the Portal using both - LDAP Authentication AND OTP (the same time) so that a username and password combination cannot be cracked (that easy) using brute force attacks.

 

Has anyone done this or something like this before?

 

Thanks for your Feedback,

 

best regards

14 REPLIES 14
asapHO
New Contributor

Hi Community,

 

thanks for all your Feedback, I've already implemented 2-factor by adjusting the RADIUS Plugin of SAM to check both, a mix of Windows Password and PIN. This works quite good but was somewhat compliacted to adjust - also to Keep in mind that you Need to reenroll your OTP Token to activate the new OTP Policy.

 

So the solution was provided by SafeNet self.

 

Thanks for all your responses - best regards

boneyard
Valued Contributor

thank your for sharing your information asapHO.

 

do you have a link to the documentation what you used to build this? how does it work now on the fortigate side, do you enter username / password and on the next field pincode or differently?

 

btw: are you using safenet on premise or cloud?

sedanoc

Hi Community,

asapHO

Can you please help me with the final solution documentation?

I am facing the same issues right now   !!

 

 

emnoc
Esteemed Contributor III

Here's my DUO MFA with sslvpn.  for  fortigate=fortitoken article, that I wrote up. You have  a few cookbooks/KBs and   other items to google.

 

http://socpuppet.blogspot...slvpn-with-mfa-by.html

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
boneyard
Valued Contributor

thanks emnoc, that is quite a write up.

 

though i kinda believe that the last questions / requests are mainly focused at Gemalto / Safenet MFA integration. which asapHO seems that have done.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors