Configure FortiGate to use PAP for Challenge-Response

Updated 3 years ago by admin

The Cloud MFA product requires that the FortiGate Dial-up VPN (IPSec) uses PAP instead of CHAP to authenticate.

The FortiGate SSL VPN is not affected. This only applies to the Dial-up VPN (IPSec).
See this related article on the Fortinet knowledge base (external link).

To reconfigure the FortiGate device using command line interface:

  1. Verify the current setting for xauthtype by typing sh (show the config).
  2. If xauthtype is set to auto or chap, type the following commands, where <tunnel-name> is a placeholder for the name of your dial-up phase 1 entry:

         config vpn ipsec phase1-interface
         edit <tunnel-name>
         set xauthtype pap
         end

  3. Confirm the change again with sh (show the config) and verify that xauthtype is now set to pap.
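
The check in steps 1 and 3 can also be run offline against a saved copy of the configuration. The following is an added example, not part of the original article and not vendor code: it parses the phase1-interface section and lists every entry whose xauthtype is still auto or chap. The function names, tunnel names and sample config are constructed for illustration.

```python
# Constructed sample of saved config text (not taken from a real device).
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "dialup-staff"
        set type dynamic
        set xauthtype auto
        config ipv4-exclude-range
            edit 1
                set start-ip 10.0.0.1
                set end-ip 10.0.0.10
            next
        end
    next
    edit "dialup-vendors"
        set type dynamic
        set xauthtype pap
    next
    edit "site-to-site"
        set remote-gw 203.0.113.10
    next
end
"""

def xauth_by_tunnel(config_text):
    """Map each phase1-interface entry to its xauthtype (None if the line is absent)."""
    tunnels, current, depth = {}, None, -1  # depth -1 means outside the section
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth < 0:
            if line == "config vpn ipsec phase1-interface":
                depth = 0
        elif line.startswith("config "):
            depth += 1  # nested table inside an entry; its edit/next lines are skipped
        elif line == "end":
            depth -= 1  # dropping to -1 closes the phase1-interface section
        elif depth == 0 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            tunnels[current] = None
        elif depth == 0 and line == "next":
            current = None
        elif depth == 0 and current is not None and line.startswith("set xauthtype "):
            tunnels[current] = line.split()[2]
    return tunnels

def needs_pap(config_text):
    """Entries still set to auto or chap, the values step 2 changes to pap."""
    return sorted(n for n, t in xauth_by_tunnel(config_text).items() if t in ("auto", "chap"))

if __name__ == "__main__":
    for name in needs_pap(SAMPLE_CONFIG):
        print(f"{name}: xauthtype must be changed to pap")
```

An empty result from `needs_pap` on the saved config corresponds to the state step 3 verifies.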

