Add a RADIUS Server
- Log in to the Fortinet FortiGate administrative interface.
- Click the User & Device section in the left navigation panel and navigate to Authentication → RADIUS Servers.
- Click the Create New button to create a new RADIUS server.
On the New RADIUS Server page, enter the following information:
- Click the OK button to create the new RADIUS server.
Configure a User Group
- Click the User & Device section in the left navigation panel and navigate to User → User Groups.
- If you have an existing user group, click on it to edit its settings. If you don't yet have a user group, click Create New to create one.
On the Edit User Group or New User Group page, enter the following information:
Name | SSL VPN with 2FA |
Type | Firewall |
Click the Create New button in the Remote groups section and select the DualShield RADIUS remote server. You do not have to specify a group.
- Click the OK button to save the user group settings.
Configure timeout
The Fortinet appliance has a default timeout of 5 seconds, which is too short for any authentication method other than a passcode and causes those attempts to fail. The timeout can be increased from the Fortinet command line interface to resolve the issue. We recommend increasing the timeout to at least 60 seconds.
- Connect to the appliance CLI. Consult the documentation that accompanied your Fortinet device for more information.
- Execute the following commands:
# config system global
set remoteauthtimeout 60
end
# config user radius
edit <RADIUS Server>
set timeout 60
end
Reference: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Users-randomly-fail-to-connect-to-SSLVPN/ta-p/189823
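To confirm the change on a saved configuration backup, the following added example (not part of the original guide or of any Fortinet or DualShield tooling) parses the two settings changed above and lists any that are still below 60 seconds. It assumes the backup is plain text in the same `config` / `edit` / `set` / `end` layout as the commands above, treats an unset value as the 5-second default mentioned in this guide, and uses constructed server names and addresses.

```python
import re

MIN_TIMEOUT = 60      # minimum recommended in this guide
DEFAULT_TIMEOUT = 5   # default stated in this guide; assumed when a value is unset

# Constructed sample in the layout of a FortiGate config backup; not from a real device.
SAMPLE_CONFIG = """\
config system global
    set remoteauthtimeout 60
end
config user radius
    edit "DualShield RADIUS"
        set server "192.0.2.10"
        set timeout 60
    next
    edit "Legacy RADIUS"
        set server "192.0.2.11"
    next
end
"""

def parse_timeouts(config_text):
    """Return (remoteauthtimeout, {radius_server_name: timeout})."""
    global_timeout, radius, stack, entry = DEFAULT_TIMEOUT, {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end":
            stack, entry = stack[:-1], (entry if len(stack) > 1 else None)
        elif len(stack) != 1:
            continue  # skip nested config blocks and stray lines
        elif line == "next":
            entry = None
        elif stack[0] == "user radius" and line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
            radius[entry] = DEFAULT_TIMEOUT
        elif m := re.fullmatch(r"set (\S+) (\d+)", line):
            if stack[0] == "system global" and m[1] == "remoteauthtimeout":
                global_timeout = int(m[2])
            elif stack[0] == "user radius" and entry and m[1] == "timeout":
                radius[entry] = int(m[2])
    return global_timeout, radius

def audit(config_text, minimum=MIN_TIMEOUT):
    """Return the settings whose timeout is still below the minimum."""
    global_timeout, radius = parse_timeouts(config_text)
    found = {"system global remoteauthtimeout": global_timeout}
    found.update({f"user radius {n!r} timeout": t for n, t in radius.items()})
    return [f"{name}={value}" for name, value in found.items() if value < minimum]
```

Calling `audit()` on the text of a backup returns an empty list when both the global remote authentication timeout and every RADIUS server timeout meet the 60-second recommendation.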