Add a RADIUS Server

  1. Log in to the Fortinet FortiGate administrative interface.
  2. Click the User & Device section in the left navigation panel and navigate to Authentication → RADIUS Servers.
  3. Click the Create New button to create a new RADIUS server.

  4. On the New RADIUS Server page, enter the following information:

  5. Click the OK button to create the new RADIUS server.

Configure a User Group

  1. Click the User & Device section in the left navigation panel and navigate to User → User Groups.
  2. If you have an existing user group, click on it to edit its settings. If you don't yet have a user group, click Create New to create one.

  3. On the Edit User Group or New User Group page, enter the following information:


    NameSSL VPN with 2FA
    TypeFirewall

  4. Click the Create New button in the Remote groups section and select the DualShield RADIUS remote server. You do not have to specify a group.




  5. Click the OK button to save the user group settings.

Configure timeout

The Fortinet appliance has a default timeout of 5 seconds, which will fail for anything other than a passcode authentication. The timeout can be increased from the Fortinet command line interface to resolve the issue. We recommend increasing the timeout to at least 60 seconds

  1. Connect to the appliance CLI. Consult the documentation that accompanied your Fortinet device for more information.
  2. Execute the following commands:

# config system global
    set remoteauthtimeout 60
end

# config user radius
    edit <RADIUS Server>
        set timeout 60
end

Reference: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Users-randomly-fail-to-connect-to-SSLVPN/ta-p/189823


  • No labels