Add a RADIUS Server
- Log in to the Fortinet FortiGate administrative interface.
- Click the User & Device section in the left navigation panel and navigate to Authentication → RADIUS Servers.
- Click the Create New button to create a new RADIUS server.
On the New RADIUS Server page, enter the following information:
- Click the OK button to create the new RADIUS server.
Configure a User Group
- Click the User & Device section in the left navigation panel and navigate to User → User Groups.
- If you have an existing user group, click on it to edit its settings. If you don't yet have a user group, click Create New to create one.
On the Edit User Group or New User Group page, enter the following information:
Name SSL VPN with 2FA Type Firewall Click the Create New button in the Remote groups section and select the DualShield RADIUS remote server. You do not have to specify a group.
- Click the OK button to save the user group settings.
Configure timeout
The Fortinet appliance has a default timeout of 5 seconds, which will fail for anything other than a passcode authentication. The timeout can be increased from the Fortinet command line interface to resolve the issue. We recommend increasing the timeout to at least 60 seconds
- Connect to the appliance CLI. Consult the documentation that accompanied your Fortinet device for more information.
- Execute the following commands:
# config system global
set remoteauthtimeout 60
end
# config user radius
edit <RADIUS Server>
set timeout 60
end