Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

FortiToken Mobile Push for SSL VPN

In this recipe, you set up FortiAuthenticator to function as a RADIUS server to authenticate SSL VPN users using FortiToken Mobile Push two-factor authentication. With Push notifications enabled, the user can easily accept or deny the authentication request.

For this configuration, you:

  • Create a user on the FortiAuthenticator.

  • Assign a FortiToken Mobile license to the user.

  • Create the RADIUS client (FortiGate) on the FortiAuthenticator, and enable FortiToken Mobile Push notifications.

  • Connect the FortiGate to the RADIUS server (FortiAuthenticator).

  • Create an SSL VPN on the FortiGate, allowing internal access for remote users.

The following names and IP addresses are used:

  • Username: gthreepwood

  • User group: RemoteFTMGroup

  • RADIUS server: OfficeRADIUS

  • RADIUS client: OfficeServer

  • SSL VPN user group: SSLVPNGroup

  • FortiAuthenticator: 172.25.176.141

  • FortiGate: 172.25.176.92

For the purposes of this recipe, a FortiToken Mobile free trial token is used. This recipe also assumes that the user has already installed the FortiToken Mobile application on their smartphone. You can install the application for Android and iOS. For details, see:

FortiToken Mobile Push for SSL VPN

In this recipe, you set up FortiAuthenticator to function as a RADIUS server to authenticate SSL VPN users using FortiToken Mobile Push two-factor authentication. With Push notifications enabled, the user can easily accept or deny the authentication request.

For this configuration, you:

  • Create a user on the FortiAuthenticator.

  • Assign a FortiToken Mobile license to the user.

  • Create the RADIUS client (FortiGate) on the FortiAuthenticator, and enable FortiToken Mobile Push notifications.

  • Connect the FortiGate to the RADIUS server (FortiAuthenticator).

  • Create an SSL VPN on the FortiGate, allowing internal access for remote users.

The following names and IP addresses are used:

  • Username: gthreepwood

  • User group: RemoteFTMGroup

  • RADIUS server: OfficeRADIUS

  • RADIUS client: OfficeServer

  • SSL VPN user group: SSLVPNGroup

  • FortiAuthenticator: 172.25.176.141

  • FortiGate: 172.25.176.92

For the purposes of this recipe, a FortiToken Mobile free trial token is used. This recipe also assumes that the user has already installed the FortiToken Mobile application on their smartphone. You can install the application for Android and iOS. For details, see: