anybody managed to use the push feature ?
i managed using FAC 4.3.0 build 222 sending ios push to phone
on the phone click on Approve reply with a "request approved" message
but i am not sure how FAC will notify my radius client that auth has been approved
my setup (LAB)
- VM FAC4.3.0 build 222 (i tried to upgrade to 5.0.0 with actual config being migrated, but push was not working anymore, to be tested once again later)
- ios fortitoken mobile 4.1.1 (up to date)
- radius client = NTRadPing, with FTM push authentication enabled on this radius client.
i did some wireshark on ntradping pc :
Here are the steps :
- access-request from ntradping to FAC (OK)
- access-challenge from FAC to ntradping (OK)
- i receive the push on phone (set from FAC to apple servers on port tcp/2195)
- i accept on phone (sending the reply to FAC via the configured IP and port in FAC (menu described by cbabfat)
- nothing more ... no access-accept received from FAC to NTRadping (even using wireshark ...)
If i do the same using ntradping but sending back the token code via mtradping, i can see access-accept from FAC to NTRadping : auth is working fine (be aware of a small trick in ntradping to send the tokencode back : https://support.secureauth.com/hc/en-us/articles/115000594347-How-To-Test-RADIUS-Using-NTRadPing )
anyone using this FAC PUSH feature ?
anyone using this with FGT, or other devices not fortinet like ssl gateway 3rdparty ?