firewallfortigatefortinetsslvpn
Just wanted to inquire if there is a way with FortiGate 60E to setup 2FA without setting-up a Forti-Authenticator or any additional costs? We are currently using this FW for our SSL VPN in our small office and wanted to increase security for users via 2FA.
Using SonicWalls before and it has an option to do SMS or eMail for FREE. Just hoping FortiGates have this as well.
Cheers!
The FortiGate doesn't care which protocol is running over the port 443, so you just need to create a policy and select the corresponding interfaces/addresses and as service you can select HTTPS. If it's a policy from internal network to WAN, be sure to select NAT also
You can set a quota via the web filter profile. The quota can be configured per category, and the category action need to be set to either Monitor / Warning / Authenticate.
The quota can be a traffic or time restriction, and is on a per user basis. For further information please refer to the FortiOS Handbook, the chapter name is:
Configuring FortiGuard Category Quotas
Best Answer
You can configure email 2FA for a user like this:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD45585
SMS or certificate authentication is also possible: https://www.fortinetguru.com/2016/06/two-factor-authentication/
Finally, you can use a RADIUS server with any kind of authentication behind it, but that is a lot more complicated.