The above is our standard configuration for all customers.
FortiGate/FortiClient IPsec VPNs, RADIUS server using PAP which connects
to the Duo RADIUS proxy server, which then authenticates against MS NPS
and upon succeeding contacts the Duo API for 2...
Mostly an MS shop here, internally as well as for our customers.AD is
our master of record for users and authentication, and we heavily
utilize Office 365. RADIUS is really an interim solution (legacy
solutions we inherit are usually LDAP, local devi...
So Duo support got back to me, they were under the impression that you
still had to choose one or the other: either use PAP so you can use the
2FA append, or use MSCHAPv2 so you can change your password. Looks like
this is not anything their software...
Is it possible to do this with an IPsec VPN? I tried setting the phase 2
selector remote IP range to change it from 0.0.0.0, but I can't use the
Geography type address object I created for the US.
That is crazy. I wasn't able to reproduce this hack to bypass the
password lock, but I do find it interesting that the door is wide open
for anyone to have at the java functions, especially without admin
permissions. And yes, you can create a copy of...
This is insane. Disabling AV completely for a short period of time as a
troubleshooting technique to rule out AV as a factor/cause of an end
user issue is a L1 task. Disabling AV to uninstall/update AV is also a
L1 task (yep, we do this manually sinc...
