VPNGoupCom Herkes çevrimiçi güvenlik ve gizlilik konusunda endişe ve kişisel bilgilerini ve tarama alışkanlıkları ortaya istemiyoruz, VPN harika bir çözüm
Hello, I am Matt from Duo Protection.
In this video, I'm going to explain to you tips on how to combine Duo withyour Fortinet FortiGate SSL VPN to incorporate two-aspect authentication to the FortiClient for VPN accessibility.
In advance of observing this video clip, make sure you make sure you study the documentation for this software locatedat duo.
com/docs/fortinet.
Observe that we also offer you aconfiguration for safeguarding Fortinet's SSL VPN browser-dependent access.
Documentation for that configuration is found at duo.
com/docs/fortinet-alt.
To integrate Duo with your FortiGate VPN, you will have to installa nearby proxy provider over a machine in your community.
Before proceeding, you shouldlocate or setup a process on which you will installthe Duo Authentication Proxy.
The proxy supportsWindows and Linux programs.
During this video, we willuse a Home windows technique.
Be aware this Duo proxy server also functions to be a RADIUS server.
There's no ought to deploya separate RADIUS server to work with Duo.
Log in towards the Duo Admin Panelon the procedure you are likely to install the DuoAuthentication Proxy on.
From the remaining sidebar, navigate to Programs.
Simply click Shield an Application.
Inside the look for bar, form FortiGate.
Underneath the entry for FortiGate SSL VPN simply click Guard this application.
You will be brought on your new software's Homes site.
Notice your integration vital, magic formula vital, and API hostname.
You will require these later on throughout set up.
Close to the best of your web site, simply click the url to open up the Duodocumentation for FortiGate.
Up coming, set up the DuoAuthentication Proxy.
Within this movie, We'll make use of a sixty four-little bit Home windows method.
We recommend a systemwith at least a single CPU, 200 megabytes of disk Room, and 4 gigabytes of RAM.
To the documentation web site, navigate to the Put in the DupAuthentication Proxy segment.
Click on the link to downloadthe most up-to-date Edition of the proxy for Home windows.
Start the installer within the server for a person with administrator rights and follow the on-display screen promptsto comprehensive set up.
Following the installation completes, configure and start the proxy.
For your uses of this video clip, we suppose you may have some familiarity with the elements which make upthe proxy configuration file and the way to format them.
In depth descriptionsof Every of these aspects can be found in the documentation.
The Duo Authentication Proxyconfiguration file is named authproxy.
cfg and it is locatedin the conf subdirectory of your proxy installation.
Operate a text editor like WordPad as an administrator andopen the configuration file.
By default This is often locatedin C:Application Files(x86) Duo Stability Authentication Proxyconf.
When making use of a completely newinstallation of your proxy, there might be case in point contentin the configuration file.
Delete this written content.
To start with, configure the proxy foryour Major authenticator.
For this instance, we willuse Lively Directory.
Add an [ad_client] section at the https://vpngoup.com highest of your configuration file.
Add the host parameterand enter the hostname or IP deal with of your area controller.
Then incorporate the service_account_username parameter and enter the consumer nameof a site member account which has permission to bind toyour ad and conduct queries.
Future, include the service_account_passwordparameter and enter the password that corresponds into the username entered previously mentioned.
At last, increase the search_dn parameter, and enter the LDAP distinguished title of an Advertisement container or organizational unit made up of most of the usersyou wish to permit to log in.
These 4 things are theminimum parameters needed to configure Energetic Directoryas your Main authenticator.
More optional variables are explained while in the documentation.
Future, configure the proxyfor your FortiGate VPN.
Make a [radius_server_auto] portion below the [ad_client] part.
Incorporate The combination essential, mystery essential, and API hostname from your FortiGateapplications Homes page in the Duo Admin Panel.
Insert the radius_ip_1 parameterand enter the IP deal with of one's FortiGate VPN.
Below that, insert theradius_secret_1 parameter and enter a key for being shared involving the proxy along with your VPN.
Ultimately, insert the clientparameter and enter ad_client.
These six objects are theminimum parameters necessary to configure the proxy towork with the FortiGate VPN.
More optional variables are explained during the documentation.
Help save your configuration file.
Open an administrator command prompt and run net start out DuoAuthProxyto get started the proxy services.
Future, configure your FortiGate VPN.
Log in on the FortiGateadministrative interface.
In the remaining panel click Consumer & System and navigate to RADIUS servers.
Click the Make New button.
On The brand new RADIUS serverpage, while in the Name field, enter a name like Duo RADIUS.
In the main Server IP/Name field enter the IP address, or FQDN, of the Duo RADIUS proxy.
In the main Server Secretfield enter the RADIUS key configured on the Duo RADIUS proxy.
Next to AuthenticationMethod, pick out Specify.
During the dropdown, pick out PAP.
Click Alright.
Then configure a person team.
While in the still left panel click on Person & Product and navigate to Person Groups.
If you have an current person group, click on it to edit its configurations.
If you don't however Have a very person team, click on Build New to make a person.
In this example we willedit an current person group.
About the user team webpage nextto Kind find Firewall.
Within the distant group portion, simply click Create New and selectthe Duo RADIUS remote server.
You don't need to specify a group.
Simply click Alright to save the user group settings.
Last but not least, configure the timeout.
The timeout could be greater through the Fortinet command line interface.
We advise raising thetimeout to no less than sixty seconds.
Connect with the equipment CLI.
Enter config system world-wide.
Then enter set remoteauthtimeout sixty.
Lastly, enter close.
Soon after installing and configuringDuo for your FortiGate VPN, exam your set up.
Launch your FortiClientapplication by using a username which has been enrolled in Duo.
Whenever you enter your username and password, you might acquire an automaticpush or cellular phone callback.
This user has previously enrolled in Duo and activated the Duo Mobileapplication on their cell phone, so they receive a Duo Pushnotification on their own smartphone.
Open the notification, Test the contextual facts to verify the login is genuine, approve it, and also you are logged in.
Notice which you could alsoappend a form variable to the top of yourpassword when logging in to work with a passcode ormanually select a two-variable authentication system.
Reference the documentationfor more information.
You have correctly set upDuo in your FortiGate SSL VPN.