How to Install Duo for Fortinet FortiGate SSL VPN


Hello, I'm Matt from Duo Security.

In this video, I will show you how to integrate Duo with your Fortinet FortiGate SSL VPN to add two-factor authentication to the FortiClient for VPN access.

Before watching this video, be sure to read the documentation for this application, located at duo.com/docs/fortinet.

Note that we also offer a configuration for protecting Fortinet's SSL VPN browser-based access.

Documentation for that configuration is located at duo.com/docs/fortinet-alt.

To integrate Duo with your FortiGate VPN, you will need to install a local proxy service on a machine within your network.

Before proceeding, you should locate or set up a system on which you will install the Duo Authentication Proxy.

The proxy supports Windows and Linux systems.

In this video, we will use a Windows system.

Note that this Duo proxy server also acts as a RADIUS server.

There is no need to deploy a separate RADIUS server to use Duo.

Log in to the Duo Admin Panel on the system you are going to install the Duo Authentication Proxy on.

In the left sidebar, navigate to Applications.

Click Protect an Application.

In the search bar, type FortiGate.

Under the entry for FortiGate SSL VPN, click Protect this Application.

You will be brought to your new application's Properties page.

Note your integration key, secret key, and API hostname.

You will need these later during setup.

Near the top of the page, click the link to open the Duo documentation for FortiGate.

Next, install the Duo Authentication Proxy.

In this video, we will use a 64-bit Windows system.

We recommend a system with at least 1 CPU, 200 megabytes of disk space, and 4 gigabytes of RAM.

On the documentation page, navigate to the Install the Duo Authentication Proxy section.

Click the link to download the most recent version of the proxy for Windows.

Launch the installer on the server as a user with administrator rights and follow the on-screen prompts to complete setup.

After the installation completes, configure and start the proxy.

For the purposes of this video, we assume you have some familiarity with the elements that make up the proxy configuration file and how to format them.

Comprehensive descriptions of each of these elements are available in the documentation.

The Duo Authentication Proxy configuration file is named authproxy.cfg and is located in the conf subdirectory of the proxy installation.

Run a text editor like WordPad as an administrator and open the configuration file.

By default this is located in C:\Program Files (x86)\Duo Security Authentication Proxy\conf.

When using a completely new installation of the proxy, there may be example content in the configuration file.

Delete this content.

First, configure the proxy for your primary authenticator.

For this example, we will use Active Directory.

Add an [ad_client] section at the top of the configuration file.

Add the host parameter and enter the hostname or IP address of your domain controller.

Then add the service_account_username parameter and enter the username of a domain member account that has permission to bind to your AD and perform searches.

Next, add the service_account_password parameter and enter the password that corresponds to the username entered above.

Finally, add the search_dn parameter and enter the LDAP distinguished name of the AD container or organizational unit containing all the users you wish to permit to log in.

These four items are the minimum parameters required to configure Active Directory as your primary authenticator.

Additional optional variables are described in the documentation.

Next, configure the proxy for your FortiGate VPN.

Create a [radius_server_auto] section below the [ad_client] section.

Add the integration key, secret key, and API hostname from your FortiGate application's Properties page in the Duo Admin Panel.

Add the radius_ip_1 parameter and enter the IP address of your FortiGate VPN.

Below that, add the radius_secret_1 parameter and enter a secret to be shared between the proxy and your VPN.

Finally, add the client parameter and enter ad_client.

These six items are the minimum parameters required to configure the proxy to work with your FortiGate VPN.

Additional optional variables are described in the documentation.

Save your configuration file.

Open an administrator command prompt and run net start DuoAuthProxy to start the proxy service.

Next, configure your FortiGate VPN.

Log in to the FortiGate administrative interface.

In the left panel, click User & Device and navigate to RADIUS Servers.

Click the Create New button.

On the new RADIUS server page, in the Name field, enter a name like Duo RADIUS.

In the Primary Server IP/Name field, enter the IP address, or FQDN, of the Duo RADIUS proxy.

In the Primary Server Secret field, enter the RADIUS secret configured on the Duo RADIUS proxy.

Next to Authentication Method, select Specify.

In the dropdown, select PAP.

Click OK.

Then configure a user group.

In the left panel, click User & Device and navigate to User Groups.

If you have an existing user group, click it to edit its settings.

If you don't yet have a user group, click Create New to make one.

In this example, we will edit an existing user group.

On the user group page, next to Type, select Firewall.

In the remote group section, click Create New and select the Duo RADIUS remote server.

You don't need to specify a group.

Click OK to save the user group settings.

Finally, configure the timeout.

The timeout can be increased in the Fortinet command line interface.

We recommend increasing the timeout to at least 60 seconds.

Connect to the appliance CLI.

Enter config system global.

Then enter set remoteauthtimeout 60.

Finally, enter end.

After installing and configuring Duo for your FortiGate VPN, test your setup.

Launch your FortiClient application with a username that has been enrolled in Duo.

After you enter your username and password, you will receive an automatic push or phone callback.

This user has already enrolled in Duo and activated the Duo Mobile application on their phone, so they receive a Duo Push notification on their smartphone.

Open the notification, check the contextual information to confirm the login is legitimate, approve it, and you are logged in.

Note that you can also append a form factor to the end of your password when logging in to use a passcode or manually select a two-factor authentication method.

Reference the documentation for more information.

You have successfully set up Duo on your FortiGate SSL VPN.