
VPN authenticate 2FA - with LDAP and RADIUS


I've configured my FortiGate VPN to use LDAP; users are authenticated by default using LDAP/AD.

Users enter their login and password, and authentication is done on AD.


Now I want to add 2FA in test, so I need to keep the actual config by default and then create a remote group that will use RADIUS to authenticate.

But if I try to create a remote group, then it looks like I also have to define local users, which is not very useful for my config because I want to keep users and groups on LDAP, filter on them, and use RADIUS just for a reduced number of users.


Can anyone help me?




Hm, I have IPsec running on our FGT using RADIUS for 2FA, with FortiToken as the second factor and FortiAuthenticator as the RADIUS server, and it works fine using IKE v1.

It does not work using IKE v2 because of an EAP issue.


All we needed to do is create a RADIUS connector on the FGT and a RADIUS group on the RADIUS server and add that to the FGT. I could look into the config to find it.

There was no need to create local users here.


"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
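
A sketch of the FortiGate side of the setup described in the reply above, added here as an example and not taken from the poster's configuration. The object names (`FAC-RADIUS`, `VPN-2FA`, `vpn-2fa-users`, `dialup-2fa`), the server address and the secret are placeholders, and lines starting with `#` are annotations that are not meant to be pasted into the CLI.

```text
# RADIUS connector pointing at the RADIUS server (placeholder address and secret)
config user radius
    edit "FAC-RADIUS"
        set server "192.0.2.10"
        set secret <shared-secret>
    next
end

# Remote group with the RADIUS server as its only member: no local users.
# The match entry limits the group to users the RADIUS server places in
# the placeholder group "vpn-2fa-users".
config user group
    edit "VPN-2FA"
        set member "FAC-RADIUS"
        config match
            edit 1
                set server-name "FAC-RADIUS"
                set group-name "vpn-2fa-users"
            next
        end
    next
end

# IKE v1 dial-up tunnel using XAUTH against that group (placeholder tunnel name);
# the existing LDAP-backed tunnel and group stay as they are.
config vpn ipsec phase1-interface
    edit "dialup-2fa"
        set ike-version 1
        set xauthtype auto
        set authusrgrp "VPN-2FA"
    next
end
```

Because the group references only the remote server, the subset of users who get 2FA is decided by group membership on the RADIUS server rather than by accounts defined on the FortiGate.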
