Configuring Fortigate 60D Firewall SSL VPN with FortiToken 2FA (Advanced Configuration)

Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 25 August 2020 Tuesday Singapore Time
Type of Publication: PDF Manual
Document Version: 20200825.01

INTRODUCTION
============

Fortigate firewall appliances are based on the Linux kernel and open source software.

In this PDF manual, I will show you how to:

1. Install Windows Server 2019 Standard as a virtual machine in Linux KVM/QEMU Hypervisor
2. Install Active Directory Domain Services role/feature
3. Promote Windows Server 2019 Standard to Domain Controller
4. Create organizational units in Active Directory Users and Computers
5. Create Active Directory user
6. Create security group for SSL VPN users
7. Assign Active Directory user to the SSL VPN Users security group
8. Add LDAP server (Microsoft Active Directory/LDAP integration) in Fortigate 60D firewall
9. Add user group from LDAP server in Fortigate 60D firewall (remember to add members of the group as well)
10. Add LDAP user in Fortigate 60D firewall
11. Configure SSL VPN tunnel in Fortigate 60D firewall
12. Configure two firewall security policies to allow VPN users to access the (a) internal network and the (b) internet
13. Assign FortiToken to LDAP user in Fortigate 60D firewall and turn on 2nd Factor Authentication (2FA)
14. Create VPN tunnel in FortiClient VPN on your Android phone and connect to Fortigate 60D SSL VPN tunnel successfully
15. FortiClient VPN will now ask you for the token code

Redundant Google Drive download links for my PDF manual
=======================================================

[1] https://drive.google.com/file/d/1uhRWr8OXerCN30OeWhgFP8rG_4NlkHsa/view?usp=sharing

[2] https://drive.google.com/file/d/1mJ5m7zlPFLXuXfKgfLcq_nAGP1jC2QlC/view?usp=sharing

[3] https://drive.google.com/file/d/1ZU7aphOXIG3q8-1g6GSRXX2hXgG7AibU/view?usp=sharing

[4] https://drive.google.com/file/d/1IKVeGJZ5HPR6hAsRwxTHfABBLjKz9uyl/view?usp=sharing

[5] https://drive.google.com/file/d/1nwC7VlA3p0U2apmsOlH6mADrX84wxTNM/view?usp=sharing

[6] https://drive.google.com/file/d/1mXT3TdX8dtCDA1YeoX7oRxk3mSgcoN6P/view?usp=sharing




