Skip to main content
INT1
INT1
Explorer
October 4, 2024
Solved

IPSEC IKEV2 SAML SSO

  • October 4, 2024
  • 3 replies
  • 2250 views

Hello,

I hope everything everything good, im reaching out for help i've seen your solutions and that you have good knowledge in fortigate/forticlient we are having an isse with some forticlient on some windows laptops were we enter configs correct but its gets stuck on connecting or after i install the vs c++ redistributable it pops up but blank and after a while it shows to enter credentials for authentication and 2fa after that it disconnects on its own no error no nothing.

do you have any idea on what can be the problem cause im starting to think its a windows problem maybe a network adpater problem or something else 

Best answer by INT1

The issue has been solved it needed the VS C++ redistributable to be downloaded for the SSO pop to come up and for the disconnecting on its own just the credentials being saved(remove the SSO credentials from credntials manager)

3 replies

Shashwati
Staff
Shashwati
Staff
October 4, 2024

hello

please run the following command to collect log

di vpn ike log-filter clear

di vpn ike log-filter dst-addr4 [IP]

diag debug app ike -1
diag debug enable

 

diag debug disable   [run this to disable debug]

    arahman
    Staff
    arahman
    Staff
    October 4, 2024

    Hi, thanks for reaching out to us, it depends there could be multiple problems, have you tried changing the version of forticlient, is it happening on only one device or multiple device, is it just limited to happening on windows or you are seeing on any other device as well, and you will also have to see if the packet are coming on the fortigate with the sniffer command

    diag sniffer packet any ' host <remote IP> and (port 500 or 4500) ' 4 0 l

    and also run the ike debugs and saml debugs as shown above 

    di vpn ike log-filter clear

    di vpn ike log-filter dst-addr4 [Remote IP]

    diag debug app ike -1

    diag debug app samld -1
    diag debug enable

    and also make sure if you have multiple ipsec dialup tunnels to specify the peerID  

     

     

      INT1
      INT1Author
      Explorer
      October 7, 2024

      hey, well its on some devices i tried different versions of forticlient some solve the problem some don't i will check the logs by doing the diagnos to see what's happening because there is no errors that are popping up even in event logs or forticlient logs

       

      INT1
      INT1AuthorAnswer
      Explorer
      October 10, 2024

      The issue has been solved it needed the VS C++ redistributable to be downloaded for the SSO pop to come up and for the disconnecting on its own just the credentials being saved(remove the SSO credentials from credntials manager)

        Terms & ConditionsAccessibility statement