u/Joe_iQ

Tenable Nessus Plugin 33929 on FortiGate (v7.6.6) public IP - IPsec only

Hey everyone,

I'm dealing with an issue where a Tenable Nessus scan is flagging Plugin 33929 (PCI DSS compliance) on my FortiGate running v7.6.6.

For context, this is occurring on a public IP assigned to the FortiGate interface. The interface is highly locked down: ping is disabled, and the only thing enabled is a remote access IPsec VPN. The VPN is using IKEv2 with strong crypto (high AES, SHA, and DH values).

Has anyone run into this specific Nessus flag when the interface only has a heavily encrypted IPsec VPN listening? How did you go about resolving or mitigating it?

Any help is appreciated.

tenable.com
u/Joe_iQ — 3 days ago

Best way to add Duo MFA to FortiGate IPsec VPN (currently using local users)?

Hey everyone,

I have a FortiGate firewall running an IPsec remote access VPN, and currently, all my VPN users are authenticated locally on the FortiGate.

We also have Cisco ISE and Duo MFA in our stack. I want to require these VPN users to authenticate with Duo MFA before getting access.

What is the best practice for tying these three pieces (FortiGate, ISE, Duo) together, especially considering the users are currently local? Any pointers or guides would be huge. Thank you.

reddit.com
u/Joe_iQ — 10 days ago