Hi All,
I have done the configuration with user certificates according to this article: Cookbook | FortiGate / FortiOS 6.2.9 | Fortinet Documentation Library
and it's working.
Now I want to do it with a computer-only certificate, but it won't work.
I did the configuration similarly to the user one; the only difference is that it uses the computer certificate and distinguishedName as the common name identifier.
And it won't connect.
Is it possible at all?
I highly doubt you can get that to work, and in a multi-user environment I would use "user" certificates fwiw.
Machine certificates are not what you want if you need security from a user perspective.
Ken Felix
PCNSE
NSE
StrongSwan
Hi Ken,
Thank you for your answer.
I know this should not be the final configuration; that's why I have a running VPN with user certificates.
I need computer certificates for an emergency VPN connection, when the user certificate expires.
Some of my users don't work with the VPN much, and their certificates expire.
Since yesterday I have been able to configure it so that the Forti finds the computer in AD and the group assigned to it based on the generated certificate, but unfortunately now the Forti cannot compare whether the group found in AD is the one I indicated in the configuration. I don't know why this is, because the groups are the same and the computer belongs to this group.
Tom
Interesting, but I never heard of it being used as an emergency option, though. Have you read this KB? It speaks purely about how you have to give the FortiClient user read access to the computer certificate, which is a challenge.
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47826
That might get you farther and might get your VPN up.
Ken Felix
PCNSE
NSE
StrongSwan
Emergency means that normally there will be no computer in the assigned group.
It will be added there when the user certificate expires, to renew it.
Anyway, I changed the configuration according to this article at the beginning of my configuration.
I'm looking at my log and I don't know why the FortiGate won't match the group to the Portal Mapping groups.
With users everything works fine. The VPN connects with only the certificate, with no need for user credentials (login/password).