Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Riggie
New Contributor III

Unable to 'approve' 2FA prompt with VPN while 6-digit code works fine

Hello,

 

We've configured our Fortigate firewall this afternoon and configured our SSL VPN together with MFA. Everything works fine, but it seems that we have a problem with our MFA. The Fortitoken application is configured and shows a MFA code.

 

The Approve/Deny prompt isn't always working, it only appears to work sometimes while manually entering the 6-digit MFA code works fine in the same attempt. Did anyone ever experience something like this that managed to solve this?

 

We've enabled FTM on our WAN interface, a valid Forti Softwaretoken license is connected to the account. It doesn't matter which account we use, ever VPN account seems to experience this problem.

 

Thank you in advance!

1 Solution
Riggie
New Contributor III

Hello,

 

Thanks a lot for your reply. After reading your documentation I found this part: "There must be at least one administrator account with no trusted hosts configured:".

 

We had our Administrator account limited to a few trusted hosts, therefore it didn't accept the push notification OUTSIDE of those trusted hosts. We created a separate administrator for the push services and it seems to work now.

Thanks a lot for your reply!

View solution in original post

2 REPLIES 2
Riggie
New Contributor III

Hello,

 

Thanks a lot for your reply. After reading your documentation I found this part: "There must be at least one administrator account with no trusted hosts configured:".

 

We had our Administrator account limited to a few trusted hosts, therefore it didn't accept the push notification OUTSIDE of those trusted hosts. We created a separate administrator for the push services and it seems to work now.

Thanks a lot for your reply!

Labels
Top Kudoed Authors