IPsec Dialup - scep certificate instead of pre shared key

Forum|Forum|1 year ago
December 15, 2024
3 replies
1100 views

Hello everybody,

We distribute device scep certificates via intune over a PKI instance to authenticate our devices via LAN and WiFi via a RADIUS server. However, our Fortigate does not serve as the RADIUS server. We use a Cloud Radius server and also a cloud provider as PKI for the scep certificates.

Currently we use IPsec VPN via SAML login and pre shared key.
Is it possible to use the already distributed devices certificates for remote login of the IPsec VPN instead of the pre shared key? However, I would still like to use SAML for user authentication. Or does this make no sense at all?

Regards

fabs

Anthony_E

Staff

Hello fabs,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Best Regards

Anthony_E

Staff

Hello fabs,

We are still looking for someone to help you.

We will come back to you ASAP.

Regards,

Best Regards

Anthony_E

Staff

Hi fabs,

Did you already have a look at this document?:

https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/560886/pre-shared-key-vs-digital-certificates

Regards,

Best Regards

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded