rotmin.blogg.se - Fortinet vpn client set inactivity timeout

#FORTINET VPN CLIENT SET INACTIVITY TIMEOUT HOW TO#
#FORTINET VPN CLIENT SET INACTIVITY TIMEOUT SOFTWARE#
#FORTINET VPN CLIENT SET INACTIVITY TIMEOUT PASSWORD#

This is the password that the RADIUS server (the Okta RADIUS Server Agent ) and the RADIUS client (the Firebox) will use to communicate.

In the Secret Key text box, type the shared secret key.

In the Application label text box, type a description name.

In the Browse App Integration Catalog section, search for RADIUS Application and click Add.

Select Applications > Applications > Browse App Catalog.

#FORTINET VPN CLIENT SET INACTIVITY TIMEOUT HOW TO#

For information about how to import, see the Okta documentation. You can import users and groups from Active Directory to Okta.

To add a user in Okta, select Directory > People > Add Person.

In the Name text box, type a group name.

From the Okta Verify drop-down list, select Required.

Select the Default Policy and click Edit.

(Optional) Select the Require Touch ID or Face ID for Okta Verify (only on iOS) check box.

Select the Enable Push Notification check box.

In the Okta Verify Settings section, click Edit.

Select Security > Multifactor > Factor Types > Okta Verify.

From the Authentication Server drop-down list, select your authentication server.

If you add a user, the name of the user must match the name of the Okta user. If you use the default SSLVPN-Users group name, you must add an SSLVPN-Users group to Okta. The name of this group must match the name of the Okta group your users belong to.

In the Name text box, type a name for the group.

Click Add to add a group to authenticate.

From the adjacent drop-down list, select Group.

In the Users and Groups section, from the Create new drop-down list, select the authentication server you created.If you have Mobile VPN with SSL configured and you only want to test Okta MFA, do not make your authentication server the default server. Mobile VPN with SSL uses the default authentication server unless a user specifies a different authentication server in the Username text box on the Mobile VPN with SSL client. To make this authentication server the default server, click Move Up until the server appears at the top of the list.In the Authentication Server list, select your authentication server.From the Authentication Server drop-down list, select the authentication server you created.This is the IP address or domain name that Mobile VPN with SSL clients connect to by default. In the Primary text box, type the external IP address or domain name of the Firebox.Select the Activate Mobile VPN with SSL check box.In the SSL section, click Manually Configure.Keep the default value for Group Attribute.This key is used to communicate with the RADIUS server (the Okta RADIUS Server Agent). In the Shared Secret and Confirm Secret text boxes, type a shared secret key.This is the default port used for communication with the RADIUS server (the Okta RADIUS Server Agent). In the Port text box, keep the default port setting of 1812.In the IP Address text box, type the IP address of the RADIUS server (the Okta RADIUS Server Agent).In the Primary Server Settings section, select the Enable RADIUS Server check box.You cannot change the domain name after you save the settings. Users must specify this domain name on the user login page. In the Domain Name text box, type the domain name for this RADIUS server.From the Authentication Servers list, click RADIUS.

When a user authenticates with Okta MFA, Okta does not send a response to the Firebox until the user approves the push notification or until the push authentication expires. You must configure the RADIUS authentication settings and enable Mobile VPN with SSL on your Firebox.

You have installed and configured the Okta RADIUS Server Agent.

A token is assigned to a user in Okta Verify.

This topology diagram shows the data flow for multi-factor authentication with a WatchGuard Firebox and Okta.

Okta RADIUS Server Agent 2.15.1 or higher.

#FORTINET VPN CLIENT SET INACTIVITY TIMEOUT SOFTWARE#

The hardware and software used in this guide include: