Description | This article describes how to resolve an issue where a user cannot connect to SSL VPN after accepting the MFA prompt when using SAML with MFA on Azure Entra. |
Scope | FortiGate. |
Solution |
SAML server is configured on FortiGate.
Run the following debug commands on FortiGate while the user attempts to connect:
diagnose debug application sslvpn -1
diagnose debug application fnbamd -1
diagnose debug application samld -1
diagnose debug console timestamp enable
diagnose debug enable
A time expired error appears in the SAML debug output on FortiGate.
[296:root:a881]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
For MFA authentication, verify the remote authentication timeout value. The default remote authentication timeout value is 5 seconds, which leaves the user little time to approve the MFA prompt. Increase the timeout value for MFA to 60 seconds.
config system global
    set remoteauthtimeout 60
end |
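To check the setting in saved configurations, the following added example (not part of the Fortinet article) parses FortiGate configuration text and reports the effective remote authentication timeout. It assumes the setting is `remoteauthtimeout` under `config system global` and that a missing line means the 5-second default applies; the sample configurations are constructed.

```python
import re

DEFAULT_TIMEOUT = 5   # default stated in the article
MFA_TIMEOUT = 60      # value the article recommends for MFA

def global_settings(config_text):
    """Collect the `set` lines of the top-level `config system global` block."""
    settings, depth, in_global = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1 and line == "config system global":
                in_global = True
        elif line == "end":
            if depth == 1:
                in_global = False
            depth = max(depth - 1, 0)
        elif in_global and depth == 1:
            m = re.match(r"set\s+(\S+)\s+(.*)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit(config_text):
    """Return (effective_timeout_seconds, meets_mfa_recommendation)."""
    # Assumption: an absent line means the default value is in effect.
    value = global_settings(config_text).get("remoteauthtimeout")
    timeout = int(value) if value is not None else DEFAULT_TIMEOUT
    return timeout, timeout >= MFA_TIMEOUT

# Constructed sample configurations (hostnames and values are illustrative).
SAMPLE_DEFAULT = """
config system global
    set hostname "fgt-lab"
end
config user saml
    edit "entra-saml"
    next
end
"""
SAMPLE_FIXED = SAMPLE_DEFAULT.replace(
    'set hostname "fgt-lab"',
    'set hostname "fgt-lab"\n    set remoteauthtimeout 60')

if __name__ == "__main__":
    for name, cfg in (("default", SAMPLE_DEFAULT), ("fixed", SAMPLE_FIXED)):
        print(name, audit(cfg))
```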
Copyright 2025 Fortinet, Inc. All Rights Reserved.