chang0986
New Member
February 15, 2025
Question

testing / setting up ipsec vpn remote access


I already have SSL-VPN running with SAML enabled and it works fine.
I'm starting to set up IPSEC-VPN and it's configured to work with a local group and local account, just to get it running.

If I want to start using Azure SAML with IPSec-VPN, can I use the same samluser/saml remote group I have for SSL-VPN, or do I need to set up a new one for IPSEC-VPN in parallel, including the Azure side of it?

Should the IPSEC-VPN also be set up on a loopback interface? (My SSL isn't, currently.) Are the steps the same?

2 replies

salodjo2
New Member
February 15, 2025

You should be able to use the same group from the Entra side.

Don't put IPSec VPN on a loopback - you will lose offloading/hardware acceleration.

jiahoong112
Staff
February 15, 2025

Kindly refer to this document as a guide for SAML IPsec dialup VPN: https://docs.fortinet.com/document/fortigate/7.2.8/administration-guide/951346/saml-based-authentication-for-forticlient-remote-access-dialup-ipsec-vpn-clients

https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/432396/configuring-microsoft-entra-id-as-saml-idp-and-fortigate-as-saml-sp 

Yes, on Azure you can use the same SSL-VPN remote group enterprise application for the IPsec dialup VPN. Loopback interface creation is not required.