Is it not possible to use 2FA (Fortitokens) when using Fortinet's EMS with ZTNA solution?
When I enable 2FA for the SSL-VPN it seems to just freeze and doesn't allow me to connect using the Forticlient.
If I remove the ZTNA solution and just use the free Forticlient for basic VPN then the 2FA works fine.
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Can you help clarify your issue? ZTNA does not require SSL VPN connectivity to work. But are you saying with ZTNA enabled your SSL VPN connectivity stops working?
Thanks for the reply.
SSL-VPN works fine but only with 2FA disabled.
I can use a ZTNA enabled client with the Fortinet EMS server fine. It connects fine with web filtering, anti virus etc all enabled. One of the profiles is also remote access so it downloads the SSL-VPN details.
The SSL-VPN will connect as long as I don't have 2FA enabled on the Fortigate itself. If I enable it then the client goes through the motions but just freezes on the token screen.
If I enter the same SSL-VPN details onto another PC which doesn't have the ZTNA client, it just has the SSL-VPN but still using the forticlient software then it connects fine using exactly the same username/password with the 2FA details.
I hope that makes some sense
Thanks!
Sounds like possibly some naming confusion here. I just want to clarify:
ZTNA is an access method whereby internal apps are accessed via HTTPS tunnel (without requiring SSL VPN connectivity). Are you using ZTNA?
FortiClient VPN is the free VPN Client from Fortinet
FortiClient is the licensed VPN client from Fortinet and requires a connection to a FortiClient EMS server.
You can run FortiClient and EMS without using ZTNA. ZTNA is one feature out of many included with FortiClient EMS.
So, with that out of the way can we simplify your problem as being "SSL VPN with 2FA works on FortiClient VPN but does not work with full featured FortiClient"?
If so, can you tell me what versions of each FortiClient VPN and FortiClient app you are using? Are the PCs both running same OS and same version?
On the FortiClient app you can collect logs using the diagnostic tool" https://docs.fortinet.com/document/forticlient/7.0.7/administration-guide/748524/diagnostic-tool
Do you see any interesting messages there?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1647 | |
1071 | |
751 | |
443 | |
214 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.