One-time password (OTP) authentication is a form of user identity verification in which the user logging into the network provides a one-time password or code. OTP can function as a stand-alone form of verification or as an addition to traditional forms.
The OTP configuration for FortiGate lets you use OTP together with VPN access. The first stage of verification checks the user's credentials in the NACVIEW environment or in a connected system (e.g. Active Directory). Once this stage is passed, the next stage relies on the verification code message. To connect to the network, the user enters the code they have received in the FortiClient application.
1. Open a command prompt and execute the following commands:
    config system global
        set remoteauthtimeout 30
    end
    config user radius
        edit NACVIEW
            set server "10.10.60.20"
            set secret <secret>
            set radius-port 1817
            set auth-type pap
        next
    end
2. In FortiGate, go to User & Device > User Groups and click Create New.
3. In the form that appears, enter NACVIEW as the name, then in the Remote Groups section, click Add and select NACVIEW. Confirm with OK.
4. Go to VPN > SSL-VPN Settings and configure the settings as in the picture below.
5. Go to Policy & Objects > IPv4 Policy.
6. Click Create New.
7. Complete the form by entering the data from the picture below. As Destination, set the relevant subnets, i.e. those that users will be able to access.
8. Confirm with OK.
9. Go to NACVIEW. Then open the menu and select Network Devices.
10. Click Add new item.
11. Complete the following fields with the data for the FortiGate system: IP Address, Radius Communication Key (after clicking the Change/Set Password button) and OTP Options (the drop-down list at the end of the form).
12. Save the set values.
For the OTP service to work properly, you may also need to configure the SMS Gateway in NACVIEW. To do this, use the SMS Gateway tutorial in the Instructions section of our website.
More detailed information about the sections and elements of the NACVIEW system can be found in the Administration Guide document.