VPNGoupCom Herkes çevrimiçi güvenlik ve gizlilik konusunda endişe ve kişisel bilgilerini ve tarama alışkanlıkları ortaya istemiyoruz, VPN harika bir çözüm
Hello, I am Matt from Duo Security.
In this online video, I will demonstrate the way to integrate Duo withyour Fortinet FortiGate SSL VPN to incorporate two-issue authentication for the FortiClient for VPN entry.
Just before watching this video clip, please be sure to go through the documentation for this application locatedat duo.
com/docs/fortinet.
Take note that we also provide aconfiguration for protecting Fortinet's SSL VPN browser-centered entry.
Documentation for that configuration is situated at duo.
com/docs/fortinet-alt.
To combine Duo using your FortiGate VPN, you need to installa community proxy services on a device within your community.
Prior to proceeding, you shouldlocate or create a system on which you will installthe Duo Authentication Proxy.
The proxy supportsWindows and Linux units.
On this movie, we willuse a Home windows procedure.
Note this Duo proxy server also functions as a RADIUS server.
There isn't a need to deploya individual RADIUS server to make use of Duo.
Log in to your Duo Admin Panelon the technique you are likely to put in the DuoAuthentication Proxy on.
Within the still left sidebar, navigate to Purposes.
Simply click Protect an Application.
Inside the search bar, sort FortiGate.
Underneath the entry for FortiGate SSL VPN click on Defend this software.
You will be introduced to your new application's Qualities website page.
Take note your integration important, secret crucial, and API hostname.
You'll need these later on in the course of set up.
Close to the top rated of your website page, click on the hyperlink to open up the Duodocumentation for FortiGate.
Next, install the DuoAuthentication Proxy.
Within this movie, We're going to use a 64-little bit Windows system.
We endorse a systemwith not less than 1 CPU, two hundred megabytes of disk Area, and four gigabytes of RAM.
Around the documentation webpage, navigate to the Put in the DupAuthentication Proxy area.
Click the connection to downloadthe most up-to-date Edition on the proxy for Windows.
Start the installer within the server being a consumer with administrator rights and Stick to the on-display promptsto complete set up.
Once the installation completes, configure and start the proxy.
For your uses of this movie, we presume you've got some familiarity with the elements that make upthe proxy configuration file and how to structure them.
Comprehensive descriptionsof Every single of these aspects can be found in the documentation.
The Duo Authentication Proxyconfiguration file is named authproxy.
cfg and is locatedin the conf subdirectory of your proxy installation.
Operate a text editor like WordPad as an administrator andopen the configuration file.
By default This is certainly locatedin C:System Information(x86) Duo Stability Authentication Proxyconf.
When working with a very newinstallation on the proxy, there may be illustration contentin the configuration file.
Delete this articles.
Initially, configure the proxy foryour Most important authenticator.
For this example, we willuse Lively Listing.
Add an [ad_client] area at the highest of the configuration file.
Increase the host parameterand enter the hostname or IP deal with of one's domain controller.
Then include the service_account_username parameter and enter the person nameof a domain member account which has authorization to bind toyour ad and carry out queries.
Next, add the service_account_passwordparameter and enter the password that corresponds towards the username entered previously mentioned.
Lastly, increase the search_dn parameter, and enter the LDAP distinguished identify of the Advertisement container or organizational device containing every one of the usersyou would like to permit to log in.
These 4 items are theminimum parameters needed to configure Lively Directoryas your Most important authenticator.
Further optional variables are described from the documentation.
Following, configure the proxyfor your FortiGate VPN.
Make a [radius_server_auto] area beneath the [ad_client] segment.
Insert The combination crucial, top secret vital, and API hostname out of your FortiGateapplications Attributes site during the Duo Admin Panel.
Insert the radius_ip_1 parameterand enter the IP deal with of your respective FortiGate VPN.
Beneath that, incorporate theradius_secret_1 parameter and enter a secret to get shared concerning the proxy as well as your VPN.
At last, include the clientparameter and enter ad_client.
These 6 items are theminimum parameters required to configure the proxy towork with the FortiGate VPN.
Additional optional variables are described from the documentation.
Save your configuration file.
Open an administrator command prompt and run Internet get started DuoAuthProxyto get started the proxy provider.
Next, configure your FortiGate VPN.
Log in to the FortiGateadministrative interface.
In the left panel click User & Machine and navigate to RADIUS servers.
Simply click the Build New button.
On the new RADIUS serverpage, while in the Name discipline, enter a reputation like Duo RADIUS.
In the principal Server IP/Name subject enter the IP deal with, or FQDN, of your respective Duo RADIUS proxy.
In the Primary Server Secretfield enter the RADIUS key configured on your own Duo RADIUS proxy.
Close to AuthenticationMethod, pick out Specify.
During the dropdown, decide on PAP.
Click on Alright.
Then configure a consumer group.
Within the left panel click on Consumer & Unit and navigate https://vpngoup.com to Person Teams.
Should you have an existing person group, click on it to edit its settings.
If you don't however Have got a person team, simply click Build New to help make a person.
In this example we willedit an present user group.
To the consumer group website page nextto Variety select Firewall.
Within the distant team segment, click on Build New and selectthe Duo RADIUS remote server.
You do not should specify a gaggle.
Click on Alright to save lots of the consumer group options.
Ultimately, configure the timeout.
The timeout is usually amplified through the Fortinet command line interface.
We recommend rising thetimeout to at the least 60 seconds.
Hook up with the equipment CLI.
Enter config program global.
Then enter set remoteauthtimeout 60.
Last but not least, enter stop.
After installing and configuringDuo for your personal FortiGate VPN, examination your set up.
Start your FortiClientapplication by using a username which has been enrolled in Duo.
If you enter your username and password, you'll receive an automaticpush or phone callback.
This consumer has presently enrolled in Duo and activated the Duo Mobileapplication on their cellular phone, in order that they receive a Duo Pushnotification on their own smartphone.
Open the notification, Test the contextual information and facts to confirm the login is respectable, approve it, and you are logged in.
Observe that you could alsoappend a sort element to the end of yourpassword when logging in to make use of a passcode ormanually decide on a two-aspect authentication process.
Reference the documentationfor more info.
You may have efficiently established upDuo on your FortiGate SSL VPN.