How to Install Duo for Fortinet FortiGate SSL VPN

Hi, I'm Matt from Duo Security.

In this video, I'll show you how to integrate Duo with your Fortinet FortiGate SSL VPN to add two-factor authentication to the FortiClient for VPN access.

Before watching this video, please be sure to read the documentation for this application, located at duo.com/docs/fortinet.

Note that we also offer a configuration for protecting Fortinet's SSL VPN browser-based access.

Documentation for that configuration is located at duo.com/docs/fortinet-alt.

To integrate Duo with your FortiGate VPN, you need to install a local proxy service on a machine within your network.

Before proceeding, you should locate or set up a system on which you will install the Duo Authentication Proxy.

The proxy supports Windows and Linux systems.

In this video, we will use a Windows system.

Note that this Duo proxy server also acts as a RADIUS server.

There is no need to deploy a separate RADIUS server to use Duo.

Log in to the Duo Admin Panel on the system you are going to install the Duo Authentication Proxy on.

In the left sidebar, navigate to Applications.

Click Protect an Application.

In the search bar, type FortiGate.

Under the entry for FortiGate SSL VPN, click Protect this Application.

You will be taken to the new application's Properties page.

Note your integration key, secret key, and API hostname.

You will need these later during setup.

Near the top of the page, click the link to open the Duo documentation for FortiGate.

Next, install the Duo Authentication Proxy.

In this video, we will use a 64-bit Windows system.

We recommend a system with at least 1 CPU, 200 megabytes of disk space, and 4 gigabytes of RAM.

On the documentation page, navigate to the Install the Duo Authentication Proxy section.

Click the link to download the latest version of the proxy for Windows.

Launch the installer on the server as a user with administrator rights and follow the on-screen prompts to complete the installation.

After the installation completes, configure and start the proxy.

For the purposes of this video, we assume you have some familiarity with the elements that make up the proxy configuration file and how to format them.

Comprehensive descriptions of each of these elements are available in the documentation.

The Duo Authentication Proxy configuration file is named authproxy.cfg and is located in the conf subdirectory of the proxy installation.

Run a text editor like WordPad as an administrator and open the configuration file.

By default this is located in C:\Program Files (x86)\Duo Security Authentication Proxy\conf.

When working with a completely new installation of the proxy, there may be example content in the configuration file.

Delete this content.

First, configure the proxy for your primary authenticator.

For this example, we will use Active Directory.

Add an [ad_client] section at the top of the configuration file.

Add the host parameter and enter the hostname or IP address of your domain controller.

Then add the service_account_username parameter and enter the username of a domain member account that has permission to bind to your AD and perform searches.

Next, add the service_account_password parameter and enter the password that corresponds to the username entered above.

Finally, add the search_dn parameter and enter the LDAP distinguished name of the AD container or organizational unit that contains all the users you would like to allow to log in.

These four items are the minimum parameters required to configure Active Directory as your primary authenticator.

Additional optional variables are described in the documentation.

Next, configure the proxy for your FortiGate VPN.

Create a [radius_server_auto] section below the [ad_client] section.

Add the integration key, secret key, and API hostname from the FortiGate application's Properties page in the Duo Admin Panel.

Add the radius_ip_1 parameter and enter the IP address of your FortiGate VPN.

Below that, add the radius_secret_1 parameter and enter a secret to be shared between the proxy and your VPN.

Finally, add the client parameter and enter ad_client.

These six items are the minimum parameters required to configure the proxy to work with the FortiGate VPN.

Additional optional variables are described in the documentation.

Save your configuration file.

Open an administrator command prompt and run net start DuoAuthProxy to start the proxy service.

Next, configure your FortiGate VPN.

Log in to the FortiGate administrative interface.

In the left panel, click User & Device and navigate to RADIUS Servers.

Click the Create New button.

On the New RADIUS Server page, in the Name field, enter a name like Duo RADIUS.

In the Primary Server IP/Name field, enter the IP address, or FQDN, of the Duo RADIUS proxy.

In the Primary Server Secret field, enter the RADIUS secret configured on the Duo RADIUS proxy.

Next to Authentication Method, select Specify.

In the dropdown, select PAP.

Click OK.

Then configure a user group.

In the left panel, click User & Device and navigate to User Groups.

If you have an existing user group, click it to edit its settings.

If you do not yet have a user group, click Create New to make one.

In this example we will edit an existing user group.

On the user group page, next to Type, select Firewall.

In the Remote Groups section, click Create New and select the Duo RADIUS remote server.

You don't need to specify a group.

Click OK to save the user group settings.

Finally, configure the timeout.

The timeout can be increased in the Fortinet command line interface.

We recommend increasing the timeout to at least sixty seconds.

Connect to the appliance CLI.

Enter config system global.

Then enter set remoteauthtimeout 60.

Finally, enter end.

After installing and configuring Duo on your FortiGate VPN, test your setup.

Launch your FortiClient application with a username that has been enrolled in Duo.

When you enter your username and password, you will receive an automatic push or phone callback.

This user has already enrolled in Duo and activated the Duo Mobile application on their phone, so they receive a Duo Push notification on their smartphone.

Open the notification, check the contextual information to confirm the login is legitimate, approve it, and you are logged in.

Note that you can also append a form factor to the end of your password when logging in to use a passcode or manually select a two-factor authentication method.

Reference the documentation for more information.

You have successfully set up Duo on your FortiGate SSL VPN.