We have been using an old version of the FortiClient VPN, 6.4 I believe, and have recently updated to 7.2.3. We have two VPNs that are set for users, the SSL VPN, and have given people the option to have an IPSec version of it.
Both VPNs are set to use the same RADIUS server in the back end that will prompt for a 2nd factor. Upon upgrading the client, the SSL VPN still works as expected, user puts in username and password, and a prompt for the 2nd factor comes in. However, when switching to the IPSec VPN, the prompt for the 2nd factor never appears, and the client waits until it times out.
The authentication request shows as successful in the RADIUS logs and that it's waiting on the user to enter a 2nd factor, but it client never makes the request of the user. This was working fine in the 6.4 version of the client, but is currently not working in 7.2. The ForitOS we have installed on our firewalls is 7.0.14.
Any thoughts on what I can look at or set?
Hi @AOsterlund,
Is FortiClient installed on Windows or Mac OS? Does it work with non-RADIUS user? Please collect debugs on FortiGate:
di deb res
di deb app sslvpn -1
di deb app fnbamd -1
di deb en
Regards,
Hi @AOsterlund ,
Perhaps have a look at the guide here and verify your configuration.
https://docs.fortinet.com/document/fortitoken/latest/comprehensive-guide/822163/example-ipsec-vpn-tw...
https://video.fortinet.com/products/fortigate/5.4/cookbook-ipsec-vpn-two-factor-auth-with-fortitoken...
It sounds like a compatibility issue with the FortiClient update. Verify settings for IPSec VPN in the new version and consider reaching out to Master Mod Apk and Fortinet support for assistance. Ensure firmware and client configurations are aligned for MFA functionality.
After making changes on the client and on the server side several times, and setting things back to the way they were before, it began to work as expected again. I'm unsure what setting got misaligned, but it is now working as expected. Thanks for the help.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.