dweimer
New Member
May 19, 2022
Question

SSL VPN using SAML on slow connections (Satellite)


We are switching from RADIUS to SAML with Azure, and it's working well for most people. However, a few of our users can't connect from their homes. In all cases they have a slow connection: 1 user is using a cell phone as a hotspot, but with poor reception limiting bandwidth. The other 2 users are both using satellite internet (ViaSat). In all 3 cases they can complete the SAML login pop-up, but then it goes back to FortiClient and never begins the percentage count-up that normally occurs. The client just sits there. We have verified that the laptops can connect fine if changed to a better internet link. Has anyone else seen this, and/or know of a setting that I can adjust to fix it?

5 replies

Anthony_E
Staff
May 22, 2022

Hello dweimer,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Best Regards
Anthony_E
Staff
May 22, 2022

Hello dweimer,

I have found this document, which explains how to configure FortiClient VPN with multifactor authentication:

https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/azure-administration-guide/517582/configuring-forticlient-vpn-with-multifactor-authentication

Could you please tell me if it helped?

Thanks a lot in advance.

Regards,

Best Regards
kiri
Staff & Editor
May 22, 2022

Hi dweimer,

Do you have a FortiClient license?

Have you tried over web VPN? Please try that.
Make sure it's enabled, example below:

config vpn ssl web portal
    edit "full-access"
        set web-mode enable
    next
end

It is very likely that the poor quality link is preventing the VPN from coming up.

Debbie_FTNT
Staff & Editor
May 23, 2022

Hey dweimer,

in addition to the above - if this happens only on slow connections, we could be looking at a timeout issue.

Can you check this on FortiGate?

#config system global

#show full | grep remoteauthtimeout

-> this should show the remoteauthtimeout setting; how long the FortiGate will wait for a remote authentication server to respond before timing out the connection

-> if your users are slow with connecting to the IdP, this may mean FortiGate is getting the successful user login after timeout

-> you could consider increasing the remoteauthtimeout value (it is in seconds) to see if that helps with your issue

flubrano
Explorer
May 23, 2022

I already had this problem with Azure AD and a phone as a hotspot; test by lowering the MTU of the PC to 1200.
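
An added example, not part of the original thread: one way to try the MTU suggestion above on a Windows client is to first measure the largest unfragmented packet that reaches the gateway, then change the adapter MTU and revert it afterwards. The gateway name `vpn.example.com` and the adapter alias `Wi-Fi` are placeholders, and the probe assumes the gateway answers ICMP echo over IPv4.

```powershell
# Added example. $Gateway and $InterfaceAlias are placeholders (assumptions).
param(
    [string]$Gateway = 'vpn.example.com',   # placeholder: your SSL VPN gateway
    [string]$InterfaceAlias = 'Wi-Fi',      # placeholder: adapter on the slow link
    [int]$TimeoutMs = 4000                  # generous: satellite RTT is often 600 ms or more
)

function Test-DfPing {
    param([string]$Target, [int]$PayloadBytes, [int]$TimeoutMs)
    $ping = New-Object System.Net.NetworkInformation.Ping
    $opts = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DF set
    $buf  = New-Object byte[] $PayloadBytes
    try {
        # Two attempts, so one lost packet on a lossy link is not read as "too big"
        foreach ($i in 1..2) {
            if ($ping.Send($Target, $TimeoutMs, $buf, $opts).Status -eq 'Success') { return $true }
        }
        return $false
    } catch { return $false } finally { $ping.Dispose() }
}

function Find-PathMtu {
    param([string]$Target, [int]$TimeoutMs, [int]$Low = 548, [int]$High = 1472)
    # $null means no reply even at the smallest size: ICMP is filtered or the host is down
    if (-not (Test-DfPing $Target $Low $TimeoutMs)) { return $null }
    # Binary search for the largest ICMP payload that passes with DF set
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2.0)
        if (Test-DfPing $Target $mid $TimeoutMs) { $Low = $mid } else { $High = $mid - 1 }
    }
    return $Low + 28   # add the 20-byte IPv4 header and 8-byte ICMP header
}

# Force IPv4 so the DF bit and the 28-byte header arithmetic apply
$ip = [System.Net.Dns]::GetHostAddresses($Gateway) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } | Select-Object -First 1
$current = (Get-NetIPInterface -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).NlMtu
$pathMtu = Find-PathMtu -Target $ip.IPAddressToString -TimeoutMs $TimeoutMs
"Interface MTU: $current   Measured path MTU: $pathMtu"

# To try the 1200 value from the thread (elevated prompt), then restore the old value:
# Set-NetIPInterface -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -NlMtuBytes 1200
# Set-NetIPInterface -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -NlMtuBytes $current
```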