stacy6
New Member
March 15, 2023
Question

Client VPN advice


Hi all,

I've been tasked with implementing VPN connections for our remote users that improve on the existing SSL-VPN provision in a couple of ways.

1: We want the Windows-based clients to start their VPN connections on boot, before the user logs in, so that they have a connection in to our Windows domain controllers and the Windows clients can update their local info from the DCs prior to doing the login.

2: We want to implement MFA on our VPN connections using pre-existing Microsoft O365/Azure AD accounts, as users are already extensively using this system elsewhere and we don't want to add yet another 2FA method (i.e. no FortiToken :D )

The problem is I don't even know what terminology I need to use to dig out relevant information from the Fortinet documentation site. I *think* I need to set up an IPsec client VPN instead of the SSL-VPN they're already using, and deploy a different config on the FortiClient, but my searching has been fruitless thus far. Can someone point me in the right direction please?

Cheers,

Stacy

1 reply

AlexNgian
New Member
March 17, 2023

I think what you are looking for is Azure AD SAML SSO setup. I could only get it to work with a trusted 3rd-party cert though, not self-signed certs, and only using SSL VPN.

https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/azure-administration-guide/584456/configuring-saml-sso-login-for-ssl-vpn-with-azure-ad-acting-as-saml-idp

Maybe there are others more experienced who are able to help with your requirements.