Two Factor Email and IPSec

ztraa · ‎04-02-2024

I have a Fortigate60E device on which I have set an IPsec. Clients connect through Forticlient VPN. For budget reasons, I activated two factor via email. The user enters the password and the field opens where the code received by email must be entered. I noticed that on the station where the login is actually done, from the moment the password is entered until after the code is entered, there is no Internet connection at all. Thus, it is a problem to receive the code from the email. The only solution is to have the email address set on the phone. After the code is entered and the connection is established, the internet is restored. How could I solve this problem?

10.0.0.0.1 192.168.1.254

srajeswaran · ‎04-02-2024

I think this matches your issue. Please test the solution suggested here.
https://community.fortinet.com/t5/Support-Forum/PC-losing-internet-connectivity-while-using-FortiCli...
https://community.fortinet.com/t5/Support-Forum/Connect-to-IPSec-VPN-with-2FA-when-connected-through...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

hbac · ‎04-02-2024

Hi @ztraa,

It is an expected behavior of FortiClient. Please refer to https://docs.fortinet.com/document/forticlient/7.2.4/xml-reference-guide/96295/ike-settings

You need to set <implied_SPDO> to 1 and set <implied_SPDO_timeout> greater then 0. FortiClient allows all outbound traffic (including non-IKE traffic) for the duration configured. Some users find that a value of 30 or 60 seconds suffices.

Regards,

Two Factor Email and IPSec

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website