How to Install Duo for Fortinet FortiGate SSL VPN


Hi, I am Matt from Duo Security.

In this video, I'm going to show you how to integrate Duo with your Fortinet FortiGate SSL VPN to add two-factor authentication to the FortiClient for VPN access.

Before watching this video, be sure to read the documentation for this application, located at duo.com/docs/fortinet.

Note that we also offer a configuration for protecting Fortinet's SSL VPN browser-based access.

Documentation for that configuration is located at duo.com/docs/fortinet-alt.

To integrate Duo with the FortiGate VPN, you will need to install a local proxy service on a machine within your network.

Before proceeding, you should locate or set up a system on which you will install the Duo Authentication Proxy.

The proxy supports Windows and Linux systems.

In this video, we will use a Windows system.

Note that this Duo proxy server also acts as a RADIUS server.

There is no need to deploy a separate RADIUS server to use Duo.

Log in to the Duo Admin Panel on the system you are going to install the Duo Authentication Proxy on.

In the left sidebar, navigate to Applications.

Click Protect an Application.

In the search bar, type FortiGate.

Under the entry for FortiGate SSL VPN, click Protect this Application.

You will be taken to the new application's Properties page.

Note your integration key, secret key, and API hostname.

You will need these later during setup.

Near the top of the page, click the link to open the Duo documentation for FortiGate.

Next, install the Duo Authentication Proxy.

In this video, we are going to use a 64-bit Windows system.

We recommend a system with at least one CPU, 200 megabytes of disk space, and four gigabytes of RAM.

On the documentation page, navigate to the Install the Duo Authentication Proxy section.

Click the link to download the most recent version of the proxy for Windows.

Launch the installer on the server as a user with administrator rights and follow the on-screen prompts to complete installation.

After the installation completes, configure and start the proxy.

For the purposes of this video, we assume you have some familiarity with the elements that make up the proxy configuration file and how to format them.

Comprehensive descriptions of each of these elements are available in the documentation.

The Duo Authentication Proxy configuration file is named authproxy.cfg and is located in the conf subdirectory of the proxy installation.

Run a text editor like WordPad as an administrator and open the configuration file.

By default this is located in C:\Program Files (x86)\Duo Security Authentication Proxy\conf.

When using a completely new installation of the proxy, there may be example content in the configuration file.

Delete this content.

First, configure the proxy for your primary authenticator.

For this example, we will use Active Directory.

Add an [ad_client] section at the top of the configuration file.

Add the host parameter and enter the hostname or IP address of the domain controller.

Then add the service_account_username parameter and enter the username of a domain member account that has permission to bind to your Active Directory and perform searches.

Next, add the service_account_password parameter and enter the password that corresponds to the username entered above.

Finally, add the search_dn parameter and enter the LDAP distinguished name of an AD container or organizational unit containing all of the users you wish to permit to log in.

These four items are the minimum parameters needed to configure Active Directory as your primary authenticator.

Additional optional variables are described in the documentation.

Next, configure the proxy for your FortiGate VPN.

Create a [radius_server_auto] section below the [ad_client] section.

Add the integration key, secret key, and API hostname from the FortiGate application's Properties page in the Duo Admin Panel.

Add the radius_ip_1 parameter and enter the IP address of your FortiGate VPN.

Below that, add the radius_secret_1 parameter and enter a secret to be shared between the proxy and your VPN.

Finally, add the client parameter and enter ad_client.

These six items are the minimum parameters needed to configure the proxy to work with the FortiGate VPN.

Additional optional variables are described in the documentation.

Save your configuration file.

Open an administrator command prompt and run net start DuoAuthProxy to start the proxy service.

Next, configure your FortiGate VPN.

Log in to the FortiGate administrative interface.

In the left panel click User & Device and navigate to RADIUS Servers.

Click the Create New button.

On the New RADIUS Server page, in the Name field, enter a name like Duo RADIUS.

In the Primary Server IP/Name field enter the IP address, or FQDN, of your Duo RADIUS proxy.

In the Primary Server Secret field enter the RADIUS secret configured on your Duo RADIUS proxy.

Next to Authentication Method, select Specify.

In the dropdown, select PAP.

Click OK.

Then configure a user group.

In the left panel click User & Device and navigate to User Groups.

If you have an existing user group, click it to edit its settings.

If you do not yet have a user group, click Create New to create one.

In this example we will edit an existing user group.

On the user group page, next to Type, select Firewall.

In the remote group section, click Create New and select the Duo RADIUS remote server.

You do not need to specify a group.

Click OK to save the user group settings.

Finally, configure the timeout.

The timeout can be increased using the Fortinet command line interface.

We recommend increasing the timeout to at least sixty seconds.

Connect to the appliance CLI.

Enter config system global.

Then enter set remoteauthtimeout 60.

Finally, enter end.

After installing and configuring Duo for your FortiGate VPN, test your setup.

Launch your FortiClient application with a username that has been enrolled in Duo.

When you enter your username and password, you will receive an automatic push or phone callback.

This user has already enrolled in Duo and activated the Duo Mobile application on their phone, so they receive a Duo Push notification on their smartphone.

Open the notification, check the contextual information to confirm the login is legitimate, approve it, and you are logged in.

Note that you can also append a form factor to the end of your password when logging in to use a passcode or manually select a two-factor authentication method.

Reference the documentation for more information.

You have successfully set up Duo for your FortiGate SSL VPN.