Need Advice: Configuring Fortigate SSL VPN with Two-Factor Authentication

You can buy a multi-use FortiToken. I forget the proper name, but you can upload it to as many firewalls as you want.

If you’ve got the M365/AzureAD you can just forego the Duo costs and use Microsoft Authenticator natively, too.

If you're using Office 365 or G Suite, then you can save some monthly cost and get rid of DUO.

It works for me. I use different security groups with different subnet and Firewall policy. I am using it with DUO radius.

It works if DUO is set up as an AD server, not as a RADIUS server.

Late comment, I know, but maybe it will help someone…

config user local
    edit <username>
        set two-factor email
        # email-to is required when two-factor is set to email
        set email-to "<user's email address>"
        set username-sensitivity disable
    next
end

For each user… the up arrow is your friend here.
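An added audit script (my own example, not code from this thread or from Fortinet) that parses a `config user local` dump in the same edit/set/next/end shape as the post above and lists local users with no two-factor, or with email two-factor but no `email-to` address; the sample config is constructed and the FortiToken serial is a placeholder.

```python
# Constructed sample of FortiOS CLI output (not captured from a real firewall).
SAMPLE_CONFIG = """\
config user local
    edit "alice"
        set two-factor email
        set email-to "alice@example.com"
        set passwd ENC xxxx
    next
    edit "bob"
        set passwd ENC xxxx
    next
    edit "carol"
        set two-factor email
        set passwd ENC xxxx
    next
    edit "dave"
        set two-factor fortitoken
        set fortitoken "FTKMOBPLACEHOLDER"
    next
end
"""

def parse_local_users(config_text):
    """Return {username: {attribute: value}} for each 'edit' entry under 'config user local'."""
    users, current, in_block = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user local":
            in_block = True
        elif not in_block:
            continue
        elif line.startswith("edit "):
            current = line[5:].strip().strip('"')
            users[current] = {}
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            users[current][key] = value.strip().strip('"')
        elif line == "next":
            current = None
        elif line == "end":
            break
    return users

def audit_two_factor(config_text):
    """Return (users with no two-factor, users with email two-factor but no email-to)."""
    users = parse_local_users(config_text)
    missing = sorted(u for u, a in users.items() if a.get("two-factor", "disable") == "disable")
    no_address = sorted(u for u, a in users.items() if a.get("two-factor") == "email" and not a.get("email-to"))
    return missing, no_address
```

Feed it the output of `show user local` to get a quick list of accounts that can still log in with only a password.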

(Way too late, but wanted to add one to keep the 6-month update alive.)

You'll need Azure AD Premium P1 or P2 at least to use the FortiGate SSL VPN enterprise app in Azure in combination with groups.

What I meant by licensing was O365 or any higher-tier Microsoft product; if they use G Suite they can't use Azure AD, obviously, but that's why I used the word licensing lol. The FortiGate SSL app on Azure AD is free, yes.

You’re talking FortiTrust Identity (newish [2021] name for what was previously FortiToken Cloud) with some extras.

They might be using Duo for other authentication purposes…

Interesting. Am I right in assuming that I wouldn't need any specific FortiGate licenses to use RADIUS with SSL VPN? I want to do what you've done and use Duo with something like ISE for policy.

Oh, how about with LDAP?

Just wanted to thank you because I didn’t know there was a Fortigate SSL app for Azure!

Not exactly. I use these on our firewalls.
You can get a one-time or multi-use with a seed file.
Starts with part number “FTK-200BCD”.

Wait… Is all this available with the Azure free account?

FortiToken 200B can usually only be tied to a single unit. The 200BCD I’m pretty sure are End of Sale.

I’m not overly familiar with the CD seed file option. Only ever considered it for “offline” firewall instances, where Internet was not available because of air-gaps in OT type environments.

My co-workers and I only use the seed file options. We really like them and load them into every firewall we deploy. We easily have 60+ of them with the seed file and FortiToken. I have the app with one-time for a backup on my one at my house, but that's it.