Make sure you add the ‘group’ you created in the previous step to the ‘ SSL-VPN Settings’ as well as the ‘ IPv4 Policies‘ Now on the Fortigate you will need to create a RADIUS Server object by browsing to ‘ Users and Devices’ then ‘ RADIUS Server‘Ĭhoose your AD Group from the ‘ Remote Groups’ sections. You should see something like the screenshot above. Security_group_dn=CN=duo-group,CN=Users,DC=myinfoseclab,DC=local You will need to run your cli editing tool. You will need to edit the config file for the proxy agent.
You should also create a some user(s) for testing. NOTE: Once you run the ‘make’ command, it will take ~10 MinutesĬhange the directory to the one created in the ‘untar’ option created above.Ĭd duoauthproxy-build Microsoft AD ConfigurationĮnsure you have a ’Security Group’ and service account created.
#Fortigate vm iso install
Now you will need to untar the package and prepare to install Next you will need to download the duo proxy agent: Now change the working directory to the /opt/duo folder Now you can create a directory to download the files to: Sudo systemctl mask -now firewalld Installing the Duo Proxy Agent To completely disable the CentOS firewall: To make it easier to download the proxy agent for Duo without having to SFTP etc to the box, you can install ‘ wget‘Ĭheck the status of the CentOS firewall but entering the following command: Next you will install gcc (compiler), phyton and other necessary libraries. Yum install gcc make python-devel libffi-devel perl zlib-devel Next you will want to install ‘ net-tools’ which will give you the ability to run command like ‘ ifconfig’
#Fortigate vm iso password
‘ssh enter the root password you set in the previous step and hit enter. NOTE: Click the button that says ‘ off’ and set it to ‘ on’. Select the disk you are going to install CentOS on.Ĭonfigure a hostname and IPv4/IPv6. Choose the language and keyboard and hit ‘ continue’. You should either use the local console or use the remote console (I opted for the remote console).
#Fortigate vm iso iso
Deploying the VMĪs you can see above, we are using CentOS Linux 7 (64 bit)Įnsure you add the ISO for CentOS to the CD ROM and ensure you have the ‘ Connect’ button selected. I remember it being easier prior to the Cisco acquisition, but I may have missed something. I will create a separate blog post for FortiToken. Fortinet has a nicer and easier deployment method. The initialization of the token on my IOS device was kind of kludgy. You will need to create a user and assign a token.
You will need to get the API Key, the iKey as well as the sKey. In my lab, I am using a Fortigate 300E running 6.0.3, Windows 2016 (Fake DC), Duo Security Account, CentOS 7 (minimum install), ESXi 6.7Įnsure you visit and set up an account. Duo Security 2FA with Fortigate FirewallsĪlthough Fortinet has a great 2FA solution (FortiToken) which is simple to use and does not require anything extra, there ARE customers out there that are currently using Duo Security (Now a Cisco Company).
0 kommentar(er)
