Hey, Looking incorporate are existing Duo 2FA setup into our FortiGate
VPN, I've followed through the guide but falling at the last hurdle.
I've gotten as far as adding the Duo Proxy host as a radius server in
Forti and if I do "Test Credentials" her...
Hi, Our network consists of 26 access points, a combination of FAP431G,
FAP433F and FAP431F, it is pretty much perfect since it was installed 6
months ago, accept for one odd issue. Every now and then one of the APs
will decide it no longer like Appl...
I have cause to pull some information from a device connected to one of
our switches (FortiSwitch 124F-FPOE), which are connected to / managed
by our ForiGate's. Commands such as diagnose lldprx neighbor summary
work fine in the CLI of the FortiGate,...
Hi, I’m having a lot of trouble getting ourFortiGate firewalls (100Fs /
v7.2.10 build1706) to connect to our Microsoft NAS RADIUS server
(Windows Server 2022). In NAS there is a tick box that says
“Access-Request messages must contain the Message-Aut...
And I think we have a winner. So the problem was both the original user
group "VPN Users" and the new one "VPN Users Duo" where using the same
active directory security group for their member list. I've just created
a new AD group, which I've told th...
Thanks, I've turned that on and it does provide some interesting
although confusing information, it's hard to tell where one "request"
ends and another begins but the main thing that jumps out at me is these
lines: deconstruct_session_id:492 decode s...
So I've made some progress on this. I've added the new users group to
all the firewall rules surrounding the VPN and now I do get the prompt
on my phone.However, I get this prompt whether I have the group in the
SSL-VPN setting page set to the old no...
Hi, Currently running v7.2.10 build1706. Yes have done some diagnostics,
just to confirm when using the diagnostics command or using the "Test
Credentials" button on the RADIUS server configuration screen, it all
works find, the prompt is sent to my ...
Thanks for that, I'll have a read of those pages. In terms of logging
I'm not seeing anything with a higher status than warning, and those
are. However the MAC address's it lists against those messages don't
show in my client list (According to vario...