Customer requirement:
To setup MFA for IPsec Client VPN connections for 1000+ users
Current environment:
- FortiGate Firewall
- Forti-client for IPsec VPN
- Forti-authenticator
- O365 Subscription with DirSync using AADConnect
Proposed solution:
Based on our experience and understanding of the client requirements; and the significance of MFA for secured access to enterprises network for remote workers; we have devised a cost-effective solution utilizing the existing resources.
- Explained the customer on the security features of SSL VPN
- Proposed to migrate from IPsec to SSL VPN
- Configure FortiGate firewall for SSL VPN
- Setup Enterprise Application (FortiGate SSL VPN) on Azure for Authentication
- Setup conditional access for MFA using the feature available on O365
Benefits:
- Client was able to have a better secured VPN access with MFA for all remote VPN users
- Save cost on 3rd party licenses for MFA