SAML Authentication
Hello, I know that normally there should be one rule allowing a connection. In my case we are experimenting with Firewall Authentication: we configured FortiAuthenticator to allow access to devices behind the firewall based on AD groups.
Users have to sign in on the Authenticator using the SAML URL /saml-sp/CDS_SegSecServ/login/; the session is valid for 10 hours, after which users have to log in again. So at this time we have rules which need authentication and older rules for similar access without authentication, based on IP addresses.
The authentication rules map users to IPs, so in the end it is also an IP-to-IP rule.
Now my question: what happens when the authenticated session runs out? Since there is also the old rule which serves the same IP, should the TCP session continue to work without interruption, or does it mean that a new session is initiated and the old one gets stuck?
It looks like there are at least database disconnections, and I am not sure if this is because the rule allowing the traffic switches from the new rules (auth rules) to the old static IP-to-IP rules.
Hope this was understandable ;)
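The check that would settle the question is to look, on the FortiGate itself, at which policy the long-lived database sessions are actually matched to and how much time the user's authentication entry has left, both before and just after the 10-hour expiry. The following FortiOS CLI sequence is an added example, not part of the post above; the policy IDs (12 for the authentication policy, 3 for the old static IP-to-IP policy) and the client address 10.20.30.40 are assumed placeholders and must be replaced with the real values.

```text
# Authenticated users currently known to the firewall, with their
# source IP, groups and remaining timeout (assumed IDs/addresses below).
diagnose firewall auth list

# Narrow the session table to one client and see which policy ID each
# TCP session was matched against when it was created.
diagnose sys session filter clear
diagnose sys session filter src 10.20.30.40
diagnose sys session list

# Same view, but only sessions matched to the authentication policy (ID 12)
# and, separately, to the old static IP-to-IP policy (ID 3).
diagnose sys session filter clear
diagnose sys session filter policy 12
diagnose sys session list
diagnose sys session filter clear
diagnose sys session filter policy 3
diagnose sys session list
```

Run the two policy-filtered listings shortly before and shortly after the user's authentication expires: if the database session shows up under policy 12 before the expiry and is gone afterwards (with a fresh session appearing under policy 3 only once the client reconnects), the disconnection coincides with the teardown of sessions bound to the expired authentication, which is the scenario the post suspects. If the same session keeps its original policy ID across the expiry, the disconnections have another cause.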
