Hi everyone,

I'm looking for advice for the following scenario:
We have a FG (5.6.3) in place and a FAC (5.1) that is used primarily for 2FA right now. We've also deployed FortiClient (5.6) to all employees.

We want to publish an internal website to the internet but only to internal users. I know, this is usually done by FortiWeb, but we're a tiny small company.

The publishing part is easy and I can also get the FG to block the traffic and present a logon page.

Here are my two issues:

1. The traffic is right now redirected to the IP address of the FG instead of its DNS name, causing the SSL certificate to be invalid. Any ideas here?
2. Instead of getting a logon page, I'd like to get some "transparent" authentication, either from the browser or, (better) from the FortiClient. But without any logon page displayed at all.

Is there anyone out there who can assist me here?

I wish you all a wonderful holiday season,

Caroline