Users generate a security code on a VIP credential that they register with Symantec’s VIP Service. They use that security code, along with their user name and password, to gain access to the resources protected by Fortinet FortiGate VPN. To resolver the common issues that you may encounter during integration, along with typical solutions, the authentication workflow as described below may help: 

For users who have installed VIP Access on their registered mobile devices, VIP Service sends a VIP Access Push notification message to the mobile device. The user must tap Allow on the device to perform the second-factor authentication and complete the sign-in. VIP Access Push authentication with the User ID + LDAP Password + Security Code authentication method is explained in above image. If the provided credentials are correct, and you accept or reject the VIP Access Push notification on your registered mobile device FortiGate VPN authenticates user's access of protected resources.

For detailed documentation about integrating Fortinet FortiGate VPN with Symantec VIP, please refer: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/vip/cloud/vip-integrations-v127046077-d2278e2955/Symantec-VIP-Integration-Guide-for-Fortinet-FortiGate-VPN/about-symantec-validation-and-id-protection-v120100317-d2326e8.html