New Member

Question

SSL-VPN with LDAP& FortiToken

Forum|Forum|5 months ago
January 3, 2026
1 reply
160 views

I'm trying to configure SSL-VPN users from an LDAP server with FortiToken. I have an issue: when a user tries to connect to SSL-VPN and is not defined in the group (the one connected to the LDAP), it bypasses the Active Directory group check and prompts for FortiToken anyway. (I know because even when I remove this user from the Active Directory group, the user can still connect.)

FortiGate

Explorer III

You mean the fortigate firewall? What is the version?

Have you done ldap debug to see what happens https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-LDAP-Troubleshooting-using-diagnose-test/ta-p/354491 / https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-LDAP-troubleshooting-and-debug/ta-p/196280 / https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-LDAP-authentication-errors/ta-p/195337 ?

Also by just googling I saw https://community.fortinet.com/t5/FortiGate/Technical-Tip-Description-of-CVE-2020-12812-bypassing-two-factor/ta-p/197737 and maybe there are are other well known issues.