VPNGoupCom Herkes çevrimiçi güvenlik ve gizlilik konusunda endişe ve kişisel bilgilerini ve tarama alışkanlıkları ortaya istemiyoruz, VPN harika bir çözüm
Hello, I am Matt from Duo Stability.
In this particular movie, I'm going to teach you the best way to integrate Duo withyour Fortinet FortiGate SSL VPN to add two-aspect authentication for the FortiClient for VPN access.
Right before observing this video clip, remember to you'll want to examine the documentation for this software locatedat duo.
com/docs/fortinet.
Note that we also supply aconfiguration for protecting Fortinet's SSL VPN browser-dependent accessibility.
Documentation for that configuration is located at duo.
com/docs/fortinet-alt.
To integrate Duo along with your FortiGate VPN, you have got to installa neighborhood proxy company with a equipment within your community.
Just before continuing, you shouldlocate or create a system on which you'll installthe Duo Authentication Proxy.
The proxy supportsWindows and Linux systems.
Within this movie, we willuse a Windows technique.
Take note this Duo proxy server also acts as a RADIUS server.
There isn't a ought to deploya individual RADIUS server to make use of Duo.
Log in to your Duo Admin Panelon the method you are likely to install the DuoAuthentication Proxy on.
In the left sidebar, navigate to Apps.
Simply click Shield an Software.
During the search bar, sort FortiGate.
Underneath the entry for FortiGate SSL VPN click Shield this application.
You may be brought to the new software's Houses web site.
Take note your integration key, magic formula essential, and API hostname.
You will want these later throughout setup.
Close to the leading on the page, simply click the hyperlink to open the Duodocumentation for FortiGate.
Upcoming, install the DuoAuthentication Proxy.
In this particular video, We're going to make use of a sixty four-little bit Windows system.
We advocate a systemwith at least one CPU, 200 megabytes of disk Room, and 4 gigabytes of RAM.
Around the documentation page, navigate for the Set up the DupAuthentication Proxy section.
Simply click the url to downloadthe newest Model of your proxy for Home windows.
Launch the installer on the server to be a person with administrator rights and follow the on-monitor promptsto comprehensive set up.
After the set up completes, configure and begin the proxy.
For your functions of this video, we suppose you have some familiarity with the elements that make upthe proxy configuration file and the way to format them.
Comprehensive descriptionsof Every of such factors can be found in the documentation.
The Duo Authentication Proxyconfiguration file is named authproxy.
cfg and is locatedin the conf subdirectory of your proxy set up.
Operate a text editor like WordPad being an administrator andopen the configuration file.
By default This is often locatedin C:Software Data files(x86) Duo Security Authentication Proxyconf.
When making use of a completely newinstallation of your proxy, there may be illustration contentin the configuration file.
Delete this information.
First, configure the proxy foryour Major authenticator.
For this example, we willuse Active Directory.
Add an [ad_client] part at the top of your configuration file.
Incorporate the host parameterand enter the hostname or IP tackle within your area controller.
Then increase the service_account_username parameter and enter the consumer nameof a site member account which includes permission to bind toyour advert and conduct searches.
Up coming, include the service_account_passwordparameter and enter the password that corresponds into the username entered previously mentioned.
Eventually, include the search_dn parameter, and enter the LDAP distinguished identify of an Advert container or organizational unit containing all the usersyou desire to permit to log in.
These 4 objects are theminimum parameters necessary to configure Active Directoryas your primary authenticator.
Additional optional variables are described while in the documentation.
Next, configure the proxyfor your FortiGate VPN.
Create a [radius_server_auto] section underneath the [ad_client] section.
Insert The combination crucial, mystery crucial, and API hostname from a FortiGateapplications Homes site in the Duo Admin Panel.
Include the radius_ip_1 parameterand enter the IP tackle of your respective FortiGate VPN.
Underneath that, increase theradius_secret_1 parameter and enter a secret to become shared in between the proxy and also your VPN.
Last but not least, include the clientparameter and enter ad_client.
These 6 goods are theminimum parameters required to configure the proxy towork along with your FortiGate VPN.
Additional optional variables are explained while in the documentation.
Help save your configuration file.
Open up an administrator command prompt and run Web commence DuoAuthProxyto start https://vpngoup.com the proxy service.
Subsequent, configure your FortiGate VPN.
Log in on the FortiGateadministrative interface.
Inside the remaining panel simply click Consumer & Device and navigate to RADIUS servers.
Click on the Make New button.
On the new RADIUS serverpage, from the Title area, enter a name like Duo RADIUS.
In the main Server IP/Title industry enter the IP deal with, or FQDN, of the Duo RADIUS proxy.
In the main Server Secretfield enter the RADIUS magic formula configured on the Duo RADIUS proxy.
Next to AuthenticationMethod, find Specify.
Inside the dropdown, decide on PAP.
Click Alright.
Then configure a person team.
Inside the left panel click on Consumer & System and navigate to Consumer Teams.
In case you have an existing user group, click on it to edit its settings.
If you don't still Have a very consumer group, click on Produce New to generate a single.
In this instance we willedit an present person group.
Around the consumer group page nextto Kind pick Firewall.
Inside the distant team area, click Generate New and selectthe Duo RADIUS distant server.
You don't ought to specify a group.
Click on Okay to save the person team options.
Finally, configure the timeout.
The timeout can be amplified with the Fortinet command line interface.
We suggest rising thetimeout to a minimum of 60 seconds.
Connect with the equipment CLI.
Enter config process international.
Then enter set remoteauthtimeout 60.
Lastly, enter close.
Immediately after setting up and configuringDuo for your personal FortiGate VPN, test your setup.
Launch your FortiClientapplication using a username that has been enrolled in Duo.
Any time you enter your username and password, you might get an automaticpush or telephone callback.
This user has presently enrolled in Duo and activated the Duo Mobileapplication on their own phone, so that they get a Duo Pushnotification on their smartphone.
Open the notification, Verify the contextual data to confirm the login is authentic, approve it, so you are logged in.
Take note that you can alsoappend a form variable to the tip of yourpassword when logging in to utilize a passcode ormanually pick a two-variable authentication strategy.
Reference the documentationfor more info.
You have correctly established upDuo for the FortiGate SSL VPN.