Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ztraa
New Contributor

Two Factor Email and IPSec

I have a Fortigate60E device on which I have set an IPsec. Clients connect through Forticlient VPN. For budget reasons, I activated two factor via email. The user enters the password and the field opens where the code received by email must be entered. I noticed that on the station where the login is actually done, from the moment the password is entered until after the code is entered, there is no Internet connection at all. Thus, it is a problem to receive the code from the email. The only solution is to have the email address set on the phone. After the code is entered and the connection is established, the internet is restored. How could I solve this problem?

10.0.0.0.1 192.168.1.254
2 REPLIES 2
srajeswaran
Staff
Staff

I think this matches your issue. Please test the solution suggested here.
https://community.fortinet.com/t5/Support-Forum/PC-losing-internet-connectivity-while-using-FortiCli...
https://community.fortinet.com/t5/Support-Forum/Connect-to-IPSec-VPN-with-2FA-when-connected-through...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
hbac
Staff
Staff

Hi @ztraa,

 

It is an expected behavior of FortiClient. Please refer to https://docs.fortinet.com/document/forticlient/7.2.4/xml-reference-guide/96295/ike-settings

You need to set <implied_SPDO> to 1 and set <implied_SPDO_timeout> greater then 0. FortiClient allows all outbound traffic (including non-IKE traffic) for the duration configured. Some users find that a value of 30 or 60 seconds suffices.

 

Regards, 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors