![\"WS2022-nps1\"](\"https:\/\/blog.pmail.idv.tw\/wp-content\/uploads\/2022\/04\/WS2022-nps1.jpg\" "\\"WS2022-nps1\\"")
<\/a><\/p>\n\u5b89\u88dd\u5b8c\u6210\u5f8c\uff0c\u958b\u555fNPS\u7ba1\u7406\u5de5\u5177<\/p>\n
\u5728NPS\u7bc0\u9ede > \u5c07\u8a72\u4e3b\u6a5f\u8a3b\u518a\u5230AD\u4e2d<\/p>\n
\u9ede\u9078 \u78ba\u8a8d<\/p>\n \u5b8c\u6210<\/p>\n <\/p>\n \u4e0b\u8f09Azure AD MFA NPS\u64f4\u5145\u529f\u80fd<\/p>\n https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=54688<\/a><\/p>\n \u958b\u555fporwershell \u8996\u7a97<\/p>\n \u5207\u63db\u81f3 \u8def\u5f91C:\\Program Files\\Microsoft\\AzureMfa\\Config<\/p>\n \u57f7\u884c.\\AzureMfsNpsExtnConfigSetup.ps1<\/em><\/p>\n \u8f38\u5165azure ad \u7ba1\u7406\u8005\u5e33\u865f\u5bc6\u78bc<\/p>\n \u8f38\u5165\u79df\u7528\u6236ID<\/p>\n \u5b8c\u6210\u5f8c\u6703\u81ea\u52d5\u91cd\u65b0\u555f\u52d5NPS\u670d\u52d9<\/p>\n <\/p>\n forti \u8a2d\u5b9atimeout\u6642\u9593<\/p>\n config system global set remoteauthtimeout 60 \u4ee5\u4e0a\u5c31\u5b8c\u6210 NPS \u6574\u5408office 365 mfa \u76f8\u95dc\u5b89\u88dd<\/p>\n \u63a5\u4e0b\u4f86\u7684\u9700\u6c42\u662f\u7528\u6236\u7aef\u8981\u4f7f\u7528fortinetClinet\u9023\u7dda\u9700\u4f7f\u7528AD\u5e33\u865f\u5bc6\u78bc\u624d\u53ef\u4ee5<\/p>\n \u4e14\u5fc5\u9808\u96b8\u5c6c\u7279\u5b9aVPN Group\u6210\u54e1\u624d\u53ef\u4ee5\u9023\u7dda\u6210\u529f\uff0c\u4e26\u4e0d\u662f\u6240\u6709AD\u5e33\u865f\u90fd\u53ef\u4ee5\u9023\u7dda<\/font><\/p>\n \u8a2d\u5b9a:<\/p>\n 1.\u65b0\u589eRADIUS \u7528\u6236\u7aef\u3002\u56e0\u70baNPS \u662f\u6211\u5011\u7684RADIUS Server\uff0cFortigate \u81ea\u7136\u800c\u7136\u5c31\u6210\u4e86\u6211\u5011\u7684\u7528\u6236\u7aef\uff0c\u6240\u4ee5\u8acb\u52d9\u5fc5\u8f38\u5165\u5176IP \u4f4d\u5740\uff0c\u53caServer \u7aef\u548c\u7528\u6236\u7aef\u7684\u6e9d\u901a\u6642\u6240\u9700\u8981\u7684\u5171\u7528\u5bc6\u78bc<\/p>\n \u53cd\u4e4b\u5728Fortinet \u4e0a\u9762\u9700\u8981\u65b0\u589e\u4e00\u7d44 RADIUS <\/p>\n \u8f38\u5165\u540d\u7a31 : NPS01 (\u81ea\u8a02) \uff0cNPS IP \uff0c\u53ca\u5171\u7528\u5bc6\u78bc<\/p>\n 2.Fortinet \u65b0\u589euser Group <\/p>\n => \u8acb\u5230 User & Authentication => User Group \u65b0\u589e\u4e00\u500bUser Group <\/p>\n \u7bc4\u4f8b \u5efa\u7acb\u4e00\u500bHQ-SSL-VPN-Group<\/p>\n Remote Group : \u5c07 RADIUS Server \u52a0\u9032\u4f86<\/p>\n \u57fa\u672c\u4e0a\u4ee5\u4e0a\u8a2d\u5b9a\u5b8c\u6210\u5f8c\u9810\u8a2dNPS \u4e0a\u7684\u9023\u7dda\u8981\u6c42\u539f\u5247\u548c\u7db2\u8def\u539f\u5247\u53ef\u4ee5\u4e0d\u7528\u505a\u4efb\u4f55\u8abf\u6574\u5c31\u53ef\u4ee5\u4f7f\u7528ad\u5e33\u6236\u9023\u4f86\u9023\u7ddassl vpn,\u4e14\u6703\u8df3\u51fa\u5fae\u8edf\u4e8c\u968e\u6bb5\u9a57\u8b49 (\u53e6\u5916fortinet ssl vpn \u53capolicy \u76f8\u95dc\u8a2d\u5b9a\u4e0d\u7279\u5225\u8aaa\u660e)<\/font><\/p>\n \u4f46\u662fAD\u5e33\u6236\u9700\u8981\u52fe\u9078[\u5141\u8a31\u5b58\u53d6]\u53ef\u4ee5\u9023\u7dda\u6210\u529f\u3002<\/p>\n \u82e5\u9700\u8981\u8a2d\u5b9a\u7279\u5b9a\u7fa4\u7d44\u5247\u65b0\u589e\u4e00\u500b[\u7db2\u8def\u539f\u5247]<\/p>\n \u689d\u4ef6\u8a2d\u5b9a\u7279\u5b9a\u7fa4\u7d44<\/p>\n \u9a57\u8b49\u65b9\u5f0f\u90e8\u5206\u8a18\u5f97\u8981\u52fe [\u52a0\u5bc6\u9a57\u8b49]\u53ca[\u672a\u52a0\u5bc6\u9a57\u8b49]<\/p>\n \u6b64\u6642AD\u5e33\u6236\uff0c\u64a5\u5165\u8a2d\u5b9a\u9078[\u900f\u904eNPS\u7db2\u8def\u539f\u5247\u63a7\u5236]\u5373\u53ef(\u9019\u662f\u9810\u8a2d\u503c)<\/p>\n \u53e6\u5916\u8aaa\u660e<\/p>\n \u56e0\u70baNPS \u6574\u5408 multifactor authentication \uff0c\u53c8\u56e0\u70ba\u5fae\u8edfAuthenticator app \u6709<\/p>\n 1.\u7c21\u8a0a\u9a57\u8b49<\/p>\n 2.Microsoft Authenticator – \u901a\u77e5<\/p>\n 3.Microsoft Authenticator \u61c9\u7528\u7a0b\u5f0f\u6216\u786c\u9ad4token<\/p>\n \u6839\u64dafortinet \u6587\u4ef6\u6240\u4ee5\u9a57\u8b49\u65b9\u5f0f\u9700\u8981\u7279\u5225\u52fe\u9078\uff0c\u5426\u5247\u7121\u6cd5\u9a57\u8b49\u6210\u529f<\/p>\n https:\/\/docs.fortinet.com\/document\/fortigate-public-cloud\/6.2.0\/azure-administration-guide\/517582\/configuring-forticlient-vpn-with-multifactor-authentication<\/a><\/p>\n <\/p>\n \u53c3\u8003\u9023\u7d50<\/p>\n https:\/\/docs.microsoft.com\/zh-tw\/azure\/active-directory\/authentication\/howto-mfa-nps-extension-vpn<\/a><\/p>\n https:\/\/www.petenetlive.com\/kb\/article\/0001759<\/a><\/p>\n https:\/\/www.ultraviolet.network\/post\/fortigate-ssl-vpn-with-azure-ad-mfa<\/a><\/p>\n https:\/\/pliantcloud.com\/blog\/2018\/9\/7\/how-to-setup-fortinet-multifactor-vpn<\/a><\/p>\n https:\/\/techgenix.com\/azure-mfa-existing-vpn\/<\/a><\/p>\n https:\/\/docs.microsoft.com\/zh-tw\/azure\/active-directory\/authentication\/howto-mfa-nps-extension<\/a><\/p>\n https:\/\/pio.nz\/2021\/02\/13\/fortigate-sslvpn-with-azure-mfa\/<\/a><\/p>\n https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/authentication\/howto-mfa-nps-extension-vpn#install-and-configure-the-nps-extension<\/a><\/p>\n https:\/\/pio.nz\/2021\/02\/13\/fortigate-sslvpn-with-azure-mfa\/<\/a><\/p>\n https:\/\/www.petenetlive.com\/kb\/article\/0001725<\/a><\/p>\n ASA <\/p>\n https:\/\/www.petenetlive.com\/KB\/Article\/0000685<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a> <\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n\n