Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Alex1
New Contributor II

Reverse proxy with two-factor authentication

Hi team, 

 

Does Fortinet have a reverse proxy solution with two-factor authentication? Maybe Fortiproxy has such a feature? I can't find any documentation on this. Could you please give me a hint.

 

FortiProxy , FortiGate , FortiAuthenticator , FortiToken , FortiWeb 

RickSanchez
RickSanchez
1 Solution
pminarik
Staff
Staff

You can add a user/group into source of a firewall policy for a VIP object, and it will present the usual captive portal on the VIP's port before permitting access:

pminarik_0-1674035592554.png

Naturally, this will also provide 2FA, if configured.

 

The caveat is that this still behaves like regular FortiGate captive portal: The authentication is IP-based (~anybody who shares the public IP with an authenticated client will also have access), and has a default 5-minute idle timeout (no packets -> start ticking). No cookies.

 

If your scenario cannot tolerate these limitations, I believe FortiWeb would be a better match for a more proper login flow, see e.g. https://docs.fortinet.com/document/fortiweb/7.2.0/administration-guide/111789/authentication-styles .

[ corrections always welcome ]

View solution in original post

2 REPLIES 2
pminarik
Staff
Staff

You can add a user/group into source of a firewall policy for a VIP object, and it will present the usual captive portal on the VIP's port before permitting access:

pminarik_0-1674035592554.png

Naturally, this will also provide 2FA, if configured.

 

The caveat is that this still behaves like regular FortiGate captive portal: The authentication is IP-based (~anybody who shares the public IP with an authenticated client will also have access), and has a default 5-minute idle timeout (no packets -> start ticking). No cookies.

 

If your scenario cannot tolerate these limitations, I believe FortiWeb would be a better match for a more proper login flow, see e.g. https://docs.fortinet.com/document/fortiweb/7.2.0/administration-guide/111789/authentication-styles .

[ corrections always welcome ]
Alex1
New Contributor II

Hmm, thanks, @pminarik. It looks like Fortiweb is the right one. 

RickSanchez
RickSanchez
Labels
Top Kudoed Authors