- #WORKING WITH FORTINET SUPPORT HOW TO#
- #WORKING WITH FORTINET SUPPORT INSTALL#
- #WORKING WITH FORTINET SUPPORT FULL#
- #WORKING WITH FORTINET SUPPORT PASSWORD#
To integrate Duo with your Fortinet FortiGate SSL VPN, you will need to install a local Duo proxy service on a machine within your network. You should already have a working primary authentication configuration for your Fortinet FortiGate SSL VPN users before you begin to deploy Duo. You'll need to pre-enroll your users in Duo using one of our available methods before they can log in using this configuration.
#WORKING WITH FORTINET SUPPORT HOW TO#
Debug gathered from infrastructure surrounding the FortiAuthenticator (such as FortiGate VPN or authentication debug, or FSSO log files).Before moving on to the deployment steps, it's a good idea to familiarize yourself with Duo administration concepts and features like options for applications, and Duo policy settings and how to apply them. Information from previous tickets (if there were any). This will write the output to a PCAP file which may be downloaded from by scrolling to the bottom of the drop-down menu (or debug/pcap-dump/).Īny other details that may be useful in illustrating the issue such as: # execute tcpdumpfile –c100 –i any host 10.0.0.1 and port 389 This will dump the output in CLI and decode it if the protocol is well known, such as RADIUS or LDAP. # execute tcpdump –c100 –nnvvi any host 10.0.0.1 and port 389 More narrow, filtered captures may be taken via CLI with these commands: If the issue is suspected to involve FortiAuthenticator communicating with either authentication clients (like a FortiGate), or authentication servers (RADIUS, LDAP etc), a packet capture can help in determining if there are communication issues and if so, what shape they take.įortiAuthenticator allows taking a capture in GUI (under System -> Network -> Packet Capture), but this does not currently (March 2021) allow for any filtering, and so will often contain a lot of noise.
#WORKING WITH FORTINET SUPPORT FULL#
These individual sections can be useful in instances where the error and its source are clearly defined and limited in all other circumstances, the full debug report is preferable.įortiAuthenticator provides access to detailed debug logs at the URL If any error messages possibly related to the issue at hand are found here (there is a drop-down menu in the upper left to navigate through sections), then these logs can be downloaded and attached to the support case as well.
The arrow next to it provides a drop-down menu that allows for downloading individual sections of the debug report. If possible, include detailed steps on how the error messages were triggered.Ī complete debug report (which can be decrypted by Technical Support) can be downloaded from Logs -> Log Access, by selecing the 'Debug Report' button at the top. If any error messages are observed in log messages, or crashes encountered in GUI, download those logs (from Logs > Log Access) or take screenshots and attach these as well.
#WORKING WITH FORTINET SUPPORT PASSWORD#
When uploading the backup, include the username and password of the added local admin as a ticket comment. Delete the local user from the FortiAuthenticator again. Note username and password (support/fortinet for example). Add a local admin user to the FortiAuthenticator with all access permissions. To ensure Technical Support can restore the backup in a lab and view all configuration items, proceed as follows when generating a backup for a support case: However, this is not immediately useful to Technical Support.
Providing the following information when opening a FortiAuthenticator support case can expedite troubleshooting significantly.Ī FortiAuthenticator backup can be taken from GUI or CLI. When opening a FortiAuthenticator case for any kind of technical issue, TAC support will usually request some general debug information to start troubleshooting. This article describes which information to provide to Technical Support when opening a FortiAuthenticator support case for technical issues to expedite troubleshooting.
0 kommentar(er)
