Configure FortiGate to use PAP for Challenge-Response
The Cloud MFA product requires that the FortiGate Dial-up VPN (IPSec) uses PAP instead of CHAP to authenticate.
To reconfigure the FortiGate device using command line interface:
- Verify the current setting for xauthtype by typing
sh(show the config)
- If xauthtype is set to auto or chap, type the following commands:
config vpn ipsec phase 1-interface
set xauthtype pap
- Confirm the change again with
sh(show the config) and verify that xauthtype is now set to pap.