Authentication Error after migration FortiGate
Hi, I just migrated from a Cisco router to a FortiGate 40F, and since the migration I have had problems with Cisco ISE and MFA authentication.
The FGT40F Branch connects to a FGT1000F in HQ, via 2 site-to-site VPNs over the internet in a sdwan zone. Behind the 1000F is the AD server and Cisco ISE.
The authorization and authentication path goes through the 2 FGTs to the AD/DNS and ISE servers located in the HQ.
PC --- AP ---- FGT60F ------FGT1000F-----Core----AD/DNS/ISE
I have no communication problems with ping, traceroute or DNS. I have checked the MTU on both FGTs and they have the same size. I also checked the Security Profiles (IPS, DNS filtering, AV, DoS policy). At log level the only thing I can see are several events to the DNS, AD and ISE destinations with action: Accept ip-conn.
Previously the traffic arrived directly to the CORE located in HQ, so it did not go through the FGTs.
Does anyone know what it could be?
Labels: FortiGate
Hi sirma504,
If the traffic is passing through the IPsec tunnel and if the traffic is originating from your FortiGate 40F going to the 1000F, I suspect you need to specify the source IP in its configuration.
Let's say you have LDAP configured on your FortiGate.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-source-IP-address-for-FSSO-and-...
You may refer to the documents below for additional guidance:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Self-originating-traffic-over-IPSec-VPN-Fo...
https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/848980/self-originating-traf...
Regards,
Denice
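As an added illustration of the point in the reply above (this is example configuration, not from the original post or from Denice, and the object names, addresses and interface name are hypothetical placeholders): on FortiOS, self-originated authentication traffic (LDAP, RADIUS, FSSO) defaults to the egress interface's address, which is usually a WAN address the HQ side does not expect or route back through the tunnel. Pinning `source-ip` to an address that the HQ side reaches via the IPsec/SD-WAN path makes the branch FortiGate's own queries use the tunnel, and the sniffer lines at the end are one way to confirm which source address is actually leaving.

```fortios
# Branch FortiGate (e.g. the 40F): force server-bound self-originated
# traffic to use the internal/tunnel-side address.
# "10.10.10.1" is a placeholder for the branch LAN (or tunnel) IP that
# HQ routes back through the VPN; "10.1.1.10" / "10.1.1.20" are placeholders
# for the AD/LDAP and ISE/RADIUS servers behind the 1000F.

config user ldap
    edit "HQ-AD-LDAP"
        set server "10.1.1.10"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=local"
        set type regular
        set username "cn=svc-ldap,cn=Users,dc=example,dc=local"
        set password <placeholder-password>
        set source-ip 10.10.10.1
    next
end

config user radius
    edit "HQ-ISE-RADIUS"
        set server "10.1.1.20"
        set secret <placeholder-shared-secret>
        set source-ip 10.10.10.1
    next
end

# If FSSO collector agents are used, the same setting applies there.
config user fsso
    edit "HQ-FSSO"
        set server "10.1.1.10"
        set password <placeholder-password>
        set source-ip 10.10.10.1
    next
end

# Verification: watch what source address the FortiGate itself sends
# toward the servers. If the source is still a WAN address instead of
# 10.10.10.1, the traffic is not taking the tunnel.
# diagnose sniffer packet any 'host 10.1.1.10 or host 10.1.1.20' 4 0 l
#
# Then test the configured server object from the CLI:
# diagnose test authserver ldap HQ-AD-LDAP <testuser> <testpassword>
# diagnose test authserver radius HQ-ISE-RADIUS pap <testuser> <testpassword>
```

Note that the `source-ip` setting only affects traffic the FortiGate generates itself (its own LDAP/RADIUS/FSSO queries); end-user traffic from the PC to ISE is governed by the firewall policies and SD-WAN/static routes for the tunnel, so if the branch FortiGate is not itself an authentication client, the routing and policy for the PC subnet is the place to look instead.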
