Fortinet Forum
dweimer
New Contributor

SSL VPN using SAML on slow connections (Satellite)

We are switching from RADIUS to SAML with Azure, and it's working well for most people. However, a few of our users can't connect from their homes. In all cases they have a slow connection: 1 user is using a cell phone as a hotspot, but with poor reception limiting bandwidth. The other 2 users are both using satellite internet (ViaSat). In all 3 cases they can complete the SAML login pop-up, but then it goes back to FortiClient and never begins the percentage count-up that normally occurs. The client just sits there. We have verified that the laptops can connect fine if changed to a better internet link. Has anyone else seen this, and/or know of a setting that I can adjust to fix it?

5 REPLIES
Anthony_E
Community Manager

Hello dweimer,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello dweimer,

I have found this document, which explains how to configure FortiClient VPN with multifactor authentication:

https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/azure-administration-guide/517582/co...

Could you please tell me if it helped?

Thanks a lot in advance.

Regards,

Anthony-Fortinet Community Team.
cchiriches
Staff

Hi dweimer,

Do you have a FortiClient license?

Have you tried over web VPN? Please try that.
Make sure it's enabled, example below:

fortigate (root) # config vpn ssl web portal
    edit "full-access"
        set web-mode enable
end

It is very likely that the poor quality link is preventing the VPN from coming up.

Debbie_FTNT
Staff

Hey dweimer,

in addition to the above - if this happens only on slow connections, we could be looking at a timeout issue.

Can you check this on FortiGate?

#config system global

#show full | grep remoteauthtimeout

-> this should show the remoteauthtimeout setting; how long the FortiGate will wait for a remote authentication server to respond before timing out the connection

-> if your users are slow with connecting to the IdP, this may mean FortiGate is getting the successful user login after timeout

-> you could consider increasing the remoteauthtimeout value (it is in seconds) to see if that helps with your issue

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
flubrano
New Contributor

I already had this problem with Azure AD and a phone as a hotspot. Test by lowering the MTU of the PC to 1200.

fred lubrano