Silesio Carvalho Watch on YouTube

How to Enable 2FA for IPSec Remote Access VPN Using FortiToken Mobile

3 min read 5 days ago
Published on Feb 17, 2026 This response is partially generated with the help of AI. It may contain inaccuracies.

Table of Contents

Introduction

This tutorial will guide you through the process of enabling two-factor authentication (2FA) for IPSec Remote Access VPN using FortiToken Mobile. Implementing 2FA significantly enhances the security of your VPN connections by requiring an additional verification step beyond just a password.

Step 1: Prepare FortiToken Mobile

  1. Download the App

    • Go to the App Store (iOS) or Google Play Store (Android).
    • Search for "FortiToken Mobile" and download the app.

  2. Create an Account

    • Open the FortiToken Mobile app.
    • Follow the prompts to create a new account if you don’t have one.

  3. Obtain the Token

    • In your Fortinet management console, navigate to the user settings.
    • Assign a FortiToken to the user who will be accessing the VPN.

Step 2: Configure the FortiGate Firewall

  1. Access FortiGate Console

    • Log in to the FortiGate firewall interface.

  2. Enable Two-Factor Authentication

    • Go to User & Device > User Definition.
    • Select the user you want to enable 2FA for.
    • In the user settings, check the box for "Use FortiToken."

  3. Setup VPN Configuration

    • Navigate to VPN > IPSec > Phase 1.
    • Edit or create a new VPN configuration.
    • Ensure the authentication method includes "Two-Factor Authentication."

Step 3: Configure the VPN Client

  1. Install VPN Client

    • Download and install the FortiClient VPN software on your device.

  2. Set Up Connection

    • Open the FortiClient and go to the VPN section.
    • Add a new VPN connection.
    • Fill in the required information such as VPN name, remote gateway, and your username.

  3. Input Token for Authentication

    • When prompted for your password, enter your user password followed by the OTP from the FortiToken Mobile app.
    • The OTP is typically a 6-digit code that refreshes every 30 seconds.

Step 4: Test the Connection

  1. Connect to VPN

    • Use the FortiClient to connect to your VPN.
    • Enter your credentials and the OTP when prompted.

  2. Verify Access

    • Once connected, verify that you can access the resources you need.
    • Check for any connection issues and troubleshoot as necessary.

Conclusion

You have successfully enabled two-factor authentication for your IPSec Remote Access VPN using FortiToken Mobile. This added layer of security helps protect against unauthorized access. For further security, consider regularly updating your FortiToken app and ensuring your user accounts are monitored for unusual activity. To expand your knowledge, explore additional Fortinet features and security best practices.

Table of Contents

Recent