How to Install Duo for Fortinet FortiGate SSL VPN

Hello, I am Matt from Duo Security.

In this video, I will show you how to integrate Duo with your Fortinet FortiGate SSL VPN to add two-factor authentication to the FortiClient for VPN access.

Before watching this video, be sure to read through the documentation for this application, located at duo.com/docs/fortinet.

Note that we also offer a configuration for protecting Fortinet's SSL VPN browser-based access.

Documentation for that configuration is located at duo.com/docs/fortinet-alt.

To integrate Duo with the FortiGate VPN, you must install a local proxy service on a machine within your network.

Before proceeding, you should locate or set up a system on which you will install the Duo Authentication Proxy.

The proxy supports Windows and Linux systems.

In this video, we will use a Windows system.

Note that this Duo proxy server also acts as a RADIUS server.

There is no need to deploy a separate RADIUS server to use Duo.

Log in to the Duo Admin Panel on the system you are going to install the Duo Authentication Proxy on.

In the left sidebar, navigate to Applications.

Click Protect an Application.

In the search bar, type FortiGate.

Under the entry for FortiGate SSL VPN, click Protect this Application.

You will be taken to your new application's properties page.

Note your integration key, secret key, and API hostname.

You will need these later during setup.

Near the top of the page, click the link to open the Duo documentation for FortiGate.

Next, install the Duo Authentication Proxy.

In this video, we will use a 64-bit Windows system.

We recommend a system with at least one CPU, 200 megabytes of disk space, and 4 gigabytes of RAM.

On the documentation page, navigate to the Install the Duo Authentication Proxy section.

Click the link to download the most recent version of the proxy for Windows.

Launch the installer on the server as a user with administrator rights and follow the on-screen prompts to complete the installation.

After the installation completes, configure and start the proxy.

For the purposes of this video, we assume you have some familiarity with the elements that make up the proxy configuration file and how to format them.

Detailed descriptions of each of these elements can be found in the documentation.

The Duo Authentication Proxy configuration file is named authproxy.cfg and is located in the conf subdirectory of the proxy installation.

Run a text editor like WordPad as an administrator and open the configuration file.

By default this is located in C:\Program Files (x86)\Duo Security Authentication Proxy\conf.

When using a completely new installation of the proxy, there may be example content in the configuration file.

Delete this content.

First, configure the proxy for your primary authenticator.

For this example, we will use Active Directory.

Add an [ad_client] section at the top of the configuration file.

Add the host parameter and enter the hostname or IP address of your domain controller.

Then add the service_account_username parameter and enter the username of a domain member account that has permission to bind to your AD and perform searches.

Next, add the service_account_password parameter and enter the password that corresponds to the username entered above.

Finally, add the search_dn parameter, and enter the LDAP distinguished name of the AD container or organizational unit that contains all the users you want to allow to log in.

These four items are the minimum parameters required to configure Active Directory as your primary authenticator.

Additional optional variables are described in the documentation.

Next, configure the proxy for your FortiGate VPN.

Create a [radius_server_auto] section below the [ad_client] section.

Add the integration key, secret key, and API hostname from your FortiGate application's properties page in the Duo Admin Panel.

Add the radius_ip_1 parameter and enter the IP address of your FortiGate VPN.

Below that, add the radius_secret_1 parameter and enter a secret to be shared between the proxy and your VPN.

Finally, add the client parameter and enter ad_client.

These six items are the minimum parameters required to configure the proxy to work with your FortiGate VPN.

Additional optional variables are described in the documentation.

Save your configuration file.

Open an administrator command prompt and run net start DuoAuthProxy to start the proxy service.

Next, configure your FortiGate VPN.

Log in to the FortiGate administrative interface.

In the left panel, click User & Device and navigate to RADIUS servers.

Click the Create New button.

On the new RADIUS server page, in the Name field, enter a name like Duo RADIUS.

In the Primary Server IP/Name field, enter the IP address, or FQDN, of your Duo RADIUS proxy.

In the Primary Server Secret field, enter the RADIUS secret configured on your Duo RADIUS proxy.

Next to Authentication Method, select Specify.

In the dropdown, select PAP.

Click OK.

Then configure a user group.

In the left panel, click User & Device and navigate to User Groups.

If you have an existing user group, click it to edit its settings.

If you do not yet have a user group, click Create New to create one.

In this example we will edit an existing user group.

On the user group page, next to Type, select Firewall.

In the remote group section, click Create New and select the Duo RADIUS remote server.

You do not need to specify a group.

Click OK to save the user group settings.

Finally, configure the timeout.

The timeout can be increased from the Fortinet command line interface.

We recommend increasing the timeout to at least 60 seconds.

Connect to the appliance CLI.

Enter config system global.

Then enter set remoteauthtimeout 60.

Finally, enter end.

After installing and configuring Duo for your FortiGate VPN, test your setup.

Launch your FortiClient application with a username that has been enrolled in Duo.

After you enter your username and password, you will receive an automatic push or phone callback.

This user has already enrolled in Duo and activated the Duo Mobile application on their phone, so they receive a Duo Push notification on their smartphone.

Open the notification, check the contextual information to confirm the login is legitimate, approve it, and you are logged in.

Note that you can also append a form factor to the end of your password when logging in to use a passcode or manually select a two-factor authentication method.

Reference the documentation for more information.

You have successfully set up Duo for your FortiGate SSL VPN.