MFA Does not work with IPSec Dialup but does for SSL VPN
We have been using an old version of the FortiClient VPN, 6.4 I believe, and have recently updated to 7.2.3. We have two VPNs that are set for users, the SSL VPN, and have given people the option to have an IPSec version of it.
Both VPNs are set to use the same RADIUS server in the back end that will prompt for a 2nd factor. Upon upgrading the client, the SSL VPN still works as expected, user puts in username and password, and a prompt for the 2nd factor comes in. However, when switching to the IPSec VPN, the prompt for the 2nd factor never appears, and the client waits until it times out.
The authentication request shows as successful in the RADIUS logs and that it's waiting on the user to enter a 2nd factor, but the client never makes the request of the user. This was working fine in the 6.4 version of the client, but is currently not working in 7.2. The FortiOS we have installed on our firewalls is 7.0.14.
Any thoughts on what I can look at or set?
Labels: FortiClient
Hi @AOsterlund,
Is FortiClient installed on Windows or Mac OS? Does it work with a non-RADIUS user? Please collect debugs on FortiGate:
di deb res
di deb app sslvpn -1
di deb app fnbamd -1
di deb en
Regards,
Hi @AOsterlund,
Perhaps have a look at the guide here and verify your configuration.
https://docs.fortinet.com/document/fortitoken/latest/comprehensive-guide/822163/example-ipsec-vpn-tw...
https://video.fortinet.com/products/fortigate/5.4/cookbook-ipsec-vpn-two-factor-auth-with-fortitoken...
If you have found a solution, please like and accept it to make it easily accessible for others.
It sounds like a compatibility issue with the FortiClient update. Verify settings for IPSec VPN in the new version and consider reaching out to Master Mod Apk and Fortinet support for assistance. Ensure firmware and client configurations are aligned for MFA functionality.
After making changes on the client and on the server side several times, and setting things back to the way they were before, it began to work as expected again. I'm unsure what setting got misaligned, but it is now working as expected. Thanks for the help.
