btan
Staff
Article Id 350060
Description

This article describes how to resolve the issue whereby FortiGate does not display the Xauth username properly.

Scope

FortiOS 7.2.6 onwards, 7.4.0 and 7.4.1.

IPsec SAML IKEv2 VPN is introduced in FortiClient 7.2.3 and above.

Solution

In FortiGate -> Dashboard -> IPsec Monitor:

FortiGate displays FortiClient UID instead of the actual username under the column 'Xauth User'.

 


 

Run the command: 

 

diagnose vpn ike gateway list

FortiGate (root) # diagnose vpn ike gateway list

vd: root/0
name: FCT_SAML_
version: 2
interface: vlan5555 55
addr: 5.5.5.5:4500 -> 5.5.5.6:64917
tun_id: 192.168.1.1/::10.0.0.185
remote_location: 0.0.0.0
network-id: 0
transport: UDP
created: 149s ago
eap-user: 48B5CB6355D24C8C9BA77807C8DB6CB7 <-- It shows FortiClient UID instead of the actual username.

 

This is a known issue in FortiOS versions lower than 7.4.2.

To resolve this issue, upgrade FortiOS to 7.4.2.
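
Until the upgrade is in place, VPN sessions cannot be attributed to a user from this output alone. The following added example (not part of the original article and not Fortinet code) parses saved 'diagnose vpn ike gateway list' output and reports the tunnels whose eap-user is a FortiClient UID. It assumes each gateway entry starts with a 'vd:' line and that a UID is 32 hexadecimal characters, as in the output above; the second gateway in the sample is constructed.

```python
import re

# Assumption: a FortiClient UID is 32 hexadecimal characters, as shown above.
UID_RE = re.compile(r"^[0-9A-Fa-f]{32}$")

# Constructed sample: the first gateway is taken from the article's output,
# the second is made up to show a correctly displayed username.
SAMPLE = """\
vd: root/0
name: FCT_SAML_
version: 2
addr: 5.5.5.5:4500 -> 5.5.5.6:64917
created: 149s ago
eap-user: 48B5CB6355D24C8C9BA77807C8DB6CB7

vd: root/0
name: FCT_SAML_1
version: 2
addr: 5.5.5.5:4500 -> 5.5.5.7:51000
created: 30s ago
eap-user: alice@example.com
"""

def parse_gateways(text):
    """Return one dict per gateway; assumes every entry starts with 'vd:'."""
    gateways, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line or CLI prompt, no key/value pair
        key, value = key.strip(), value.strip()
        if key == "vd":
            current = {}
            gateways.append(current)
        if current is not None:
            current.setdefault(key, value)  # keep the first value seen per key
    return gateways

def uid_instead_of_username(text):
    """Return (gateway name, peer address, eap-user) where eap-user is a UID."""
    hits = []
    for gw in parse_gateways(text):
        # Drop a trailing "<--" annotation such as the one in the article.
        user = gw.get("eap-user", "").split("<--")[0].strip()
        if UID_RE.match(user):
            peer = gw.get("addr", "").split("->")[-1].strip()
            hits.append((gw.get("name", ""), peer, user))
    return hits
```

Calling uid_instead_of_username() on the saved CLI output returns an empty list once every tunnel shows a real username.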

 
