Support Forum
apex
New Contributor

Two Factor Authentication with FortiClient via IPsec

Hi All, I'm struggling with configuration of 2FA with FortiClient over IPsec VPN. I have a FG100D running 5.0. My FortiToken is installed on my mobile. I configured the SSL portal on the unit and can connect to it OK either via browser or FortiClient (5.0.2); I authenticate successfully using my AD credentials (via LDAP) and then I'm prompted for the token code. All works as expected. However, when I try to connect with the FortiClient using IPSec VPN (FortiClient 5.0.2, interface mode with xauth, or FortiClient 4.2.5, tunnel mode with xauth), I get the log-on window, enter my credentials and I'm logged in... but... how do I use the token code here? I'm never prompted for it. Has anyone configured 2FA with IPsec on FortiClient? I appreciate any suggestion and advice... Many thanks, A
Chris_Lin_FTNT

Hi, can you show me your FortiGate firewall policy regarding the SSL portal, and how you created those users to use AD and FortiToken?
apex
New Contributor

Hi Chris.Lin, thanks for the msg, but the SSL works fine; it's the IPsec that doesn't prompt me for the token code.
Chris_Lin_FTNT

For a FortiGate local user with FortiToken, I can get the token prompt for IPSec without problem. But I haven't tried AD user + FortiToken, and that's why I am interested in how you configure that.
L_FTNT
Staff

However, when I try to connect with the FortiClient using IPSec VPN (FortiClient 5.0.2, interface mode with xauth, or FortiClient 4.2.5, tunnel mode with xauth), I get the log-on window, enter my credentials and I'm logged in... but... how do I use the token code here? I'm never prompted for it.
Are you using the same user for both SSL VPN and IPSec VPN? If so, that would be very odd that it works for SSL but not for IPSec.
Has anyone configured 2FA with IPsec on FortiClient?
Yes, it worked like a charm for us :) To be accurate, you don't need to do any special configuration on the FortiClient; all setup is on the FGT. The user you use for xAuth should have 2FA enabled. LC
Ling Lu
apex
New Contributor

All sorted! I had an LDAP group set under xauth rather than a local one. I assigned the AD users membership of a local group and set this under phase1. All is working as expected. Thanks guys! A
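The fix apex describes, sketched as FortiOS CLI. This is an added example, not configuration from the thread or from Fortinet; the names (ldap-ad, jdoe, vpn-2fa-grp, ipsec-2fa, wan1) and the FortiToken serial are placeholders, and it assumes the 5.x CLI keywords shown are available on the 5.0 build in question.

```fortios
# Added example (not from the thread). Names and the token serial are placeholders.
#
# Why the original setup gave no token prompt: two-factor is a property of a
# FortiGate *local* user object. An LDAP group referenced directly from XAuth
# carries no FortiToken, so the tunnel came up on password alone.

# 1. Define the AD user as a local user of type LDAP and attach the FortiToken.
config user local
    edit "jdoe"
        set type ldap
        set ldap-server "ldap-ad"
        set two-factor fortitoken
        set fortitoken "FTKMOB0000000000"   # placeholder serial
    next
end

# 2. Put that local user into a local group; this is the group XAuth will check.
config user group
    edit "vpn-2fa-grp"
        set member "jdoe"
    next
end

# 3. Reference the local group from phase1 XAuth.
#    What did not work (per the thread): set authusrgrp "<ldap-group>"
config vpn ipsec phase1-interface
    edit "ipsec-2fa"
        set type dynamic
        set interface "wan1"
        set mode aggressive
        set xauthtype auto
        set authusrgrp "vpn-2fa-grp"
        set psksecret "<pre-shared-key>"    # placeholder
    next
end
```

A quick check after applying this: a dial-up FortiClient user bound to "vpn-2fa-grp" should be prompted for the token code after the XAuth password, and the event log should show the FortiToken challenge for that user.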