IPsec Azure SAML just getting timeout

Forum|Forum|10 months ago
July 16, 2025
4 replies
1511 views

Hi, I'm trying to move from SSL-VPN to IPSec, and no matter what I do, my forticlient is getting timeout on connect when I'm trying to use SAML.

My SAML port is 1443

SAML is working perfectly fine with SSL-VPN.

I'm on version v7.6.3.
I made to read and follow all the guidelines I could have found on the forums and in forti website.
If I try to connect with out SAML, it works fine.

I'm pretty lost at the moment because FortiClient doesn't seem to generate any logs for this connection attempt as well.

FortiGate

funkylicious

SuperUser

hi,

can you share the output for

show system global | grep ike-saml

show system interface WAN-Intf

show ipsec vpn phase1-interface | grep eap

show ipsec vpn phase1-interface | grep authusrgrp

a similar config guide can be found and followed from here, https://www.andrewtravis.com/blog/ipsec-vpn-with-saml

and you can start a debug on the FGT for saml in order to see where the issue might be and if it's related to saml or even a ipsec.

diag debug application samld -1

diag debug enable

diag debug application ike -1 ( you can narrow it down and do a filter before this with diagnose vpn ike filter <> and choose a param to look for, like rem-addr4 for a specific ip address initiating )

"jack of all trades, master of none"

nokilmo2

New Member

There is no FortiGate 91F. Maybe you have a 91G, which doesn't have SSL-VPN anyway nowadays depending on the version, and will lose with every version soon, so you only have IPsec.