- In this example, the IKE SAML port is 10443.

    config system global
        set auth-ike-saml-port 10443
    end

- Upgrading the FortiGate to firmware version 7.6.3 or 7.4.8, or rebooting it on that firmware, resets the custom port 10443 to the default port.

    FortiGate-71F # config system global
    FortiGate-71F (global) # show
    config system global
        set alias "FortiGate-71F"
        set gui-auto-upgrade-setup-warning disable
        set hostname "FortiGate-71F"
        set switch-controller enable
        set timezone "US/Pacific"
        set virtual-switch-vlan enable
    end

    FortiGate-SecuorCHIC-71F # config system global
    FortiGate-SecuorCHIC-71F (global) # show | grep ike
    FortiGate-SecuorCHIC-71F (global) #
    FortiGate-SecuorCHIC-71F (global) # show full | grep ike
        set auth-ike-saml-port 1001

- A console cable connection also shows the error or warning after the firewall reboots on v7.6.3 and v7.4.8.

    Booting OS...
    Initializing firewall...
    System is starting...
    Starting system maintenance...
    Scanning /dev/mmcblk0p1... (100%)
    Scanning /dev/mmcblk0p3... (100%)
    The config file may contain errors.
    Please see details by the command 'diagnose debug config-error-log read'.

    FortiGate-SecuorCHIC-71F login: admin
    Password:
    Verifying password...
    Welcome!

    WARNING: File System Check Recommended! An unsafe reboot may have caused an inconsistency in the disk drive.
    It is strongly recommended that you check the file system consistency before proceeding.
    Please run 'execute disk scan 259'
    Note: The device will reboot and scan the disk during startup. This may take up to an hour.

    FortiGate-SecuorCHIC-71F # diagnose debug config-error-log read
    >>> "set" "auth-ike-saml-port" "10443" @ global.system.global:failed command (error -23)

- This issue is reported only when 'auth-ike-saml-port' is set to 10443.
- As a workaround, use any random port instead of 10443. As shown in the test below, there is no error or warning if a different custom port is used.

    FortiGate-71F # config system global
    FortiGate-71F (global) #
    FortiGate-71F (global) # show
    config system global
        set alias "FortiGate-71F"
        set auth-ike-saml-port 5467
        set gui-auto-upgrade-setup-warning disable
        set hostname "FortiGate-71F"
        set switch-controller enable
        set timezone "US/Pacific"
        set virtual-switch-vlan enable
    end

    The system is going down NOW !!
    Please stand by while rebooting the system.
    Restarting system.

    FortiGate-71F (19:04-02.28.2022)
    Ver:05000001
    Serial number: FGT71FTK22001187
    CPU: 1200MHz
    Total RAM: 4 GB
    Initializing boot device...
    Initializing MAC... NP6XLITE#0
    Please wait for OS to boot, or press any key to display configuration menu......

    Booting OS...
    Initializing firewall...
    System is starting...

    FortiGate-71F # diagnose debug config-error-log read

    FortiGate-71F # config system global
    FortiGate-71F (global) # show
    config system global
        set alias "FortiGate-71F"
        set auth-ike-saml-port 5467
        set gui-auto-upgrade-setup-warning disable
        set hostname "FortiGate-71F"
        set switch-controller enable
        set timezone "US/Pacific"
        set virtual-switch-vlan enable
    end

This issue has been resolved in v8.0.0 (scheduled to be released in February 2026). These timelines for firmware release are estimates and may be subject to change.
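
The check performed by hand above can be automated after an upgrade. The following is an added example, not Fortinet code: it parses the 'diagnose debug config-error-log read' line format shown above and compares the 'config system global' block of a pre-upgrade and a post-upgrade 'show' output. The sample inputs are constructed from the console output in this article, the function names are hypothetical, and the block parser assumes no nested config/end sections.

```python
import re
import shlex

# Constructed samples modelled on the console output above.
ERROR_LOG = '>>> "set" "auth-ike-saml-port" "10443" @ global.system.global:failed command (error -23)\n'
BEFORE = '''config system global
    set alias "FortiGate-71F"
    set auth-ike-saml-port 10443
    set hostname "FortiGate-71F"
end'''
AFTER = '''config system global
    set alias "FortiGate-71F"
    set hostname "FortiGate-71F"
end'''

ENTRY_RE = re.compile(
    r'>>>\s*(?P<cmd>.+?)\s*@\s*(?P<path>[\w.-]+):(?P<reason>.*?)\s*\(error (?P<code>-?\d+)\)')

def parse_error_log(text):
    """One dict per command the config parser rejected at boot."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if m:
            out.append({"tokens": shlex.split(m["cmd"]), "path": m["path"],
                        "reason": m["reason"].strip(), "code": int(m["code"])})
    return out

def settings_in_block(config, block="config system global"):
    """'set <key> <value>' pairs of one block (assumes no nested config/end)."""
    found, inside = {}, False
    for line in map(str.strip, config.splitlines()):
        if line == block:
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("set "):
            _, key, *value = shlex.split(line)
            found[key] = " ".join(value)
    return found

def reverted_settings(before, after, error_log):
    """Settings lost or changed across the upgrade, with the logged error code if any."""
    old, new = settings_in_block(before), settings_in_block(after)
    codes = {e["tokens"][1]: e["code"] for e in parse_error_log(error_log)
             if len(e["tokens"]) > 1 and e["tokens"][0] == "set"}
    return {k: {"before": v, "after": new.get(k), "error": codes.get(k)}
            for k, v in old.items() if new.get(k) != v}

if __name__ == "__main__":
    print(reverted_settings(BEFORE, AFTER, ERROR_LOG))
```

A setting reported with "after" empty is absent from the post-upgrade 'show' output, which is how the reset port appears in the output above until 'show full' is used.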
Related article:
Technical Tip: auth-ike-saml-port changed after device reboot