Technical Tip: Unable to login to FortiGate from F...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 415580

Description

This article describes an issue when trying to log in to FortiGate from FortiGate Cloud, but it points to the automatically assigned IP and does not open FortiGate.

Scope

FortiGate v7.6.4, FortiGate Cloud.

Solution

When trying to access FortiGate from the FortiGate Cloud by navigating to Assets, then selecting either the desired FortiGate or 'right-clicking' the desired FortiGate, and selecting Remote Access.

image (63).png

After selecting 'Sign in with FortiCloud'. The request is then redirected to an APIPA (Automatic Private IP Addressing) address, which the browser fails to load due to a connection timeout.

image (64).png

It does not open the FortiGate and shows an error site can not be reached with the automatically assigned private IP address instead of the FortiGate IP, as shown below:

image (65).png

When selecting the 'Sign in with FortiCloud' button, FortiOS generates a SAML AuthnRequest with AssertionConsumerServiceURL pointing to a link-local IP, for example, 'https://169.254.29.14/saml/?forticloud-acs', instead of the device's FortiCloud FQDN. This breaks FortiCloud SSO.

This is a known issue in FortiGate v7.6.4 and is scheduled to be fixed in the future release of FortiOS v7.6.5.

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: Unable to login to FortiGate from FortiGate Cloud, getting a link-local IP 169.254.x.x

You are leaving our website