Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
stacy6
New Contributor

Client VPN advice

Hi all,

I've been tasked with implementing VPN connections for our remote users that improve on the existing SSL-VPN provision in a couple of ways.

1: We want the Windows-based clients to start their VPN connections on boot, before the user logs in, so that they have a connection in to our Windows domain controllers and the Windows clients can update their local info from the DC's prior to doing the login.

2: we want to implement MFA on our VPN connections using pre-existing Microsoft O365/AzureAD accounts as users are already extensively using this system elsewhere and we don't want to add yet another 2FA method (i.e. no fortitoken :D )

The problem is I don't even know what terminology I need to use to dig out relevant information from the Fortinet documentation site. I *think* I need to set up an IPSEC client vpn instead of the SSL-VPN they're already using, and deploy a different config on the Forticlient, but my searching has been fruitless thus far. Can someone point me in the right direction please?

Cheers,

 

Stacy

https://showbox.bio https://vidmate.cool/
1 REPLY 1
AlexNgian
New Contributor

I think what you are looking for is Azure AD SAML SSO setup. I could only get it to work with trusted 3rd party cert though, not self-signed certs and only using SSL VPN.  

 

https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/azure-administration-guide/584456/co...

 

Maybe there is some others more experienced able to help with your requirements. 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors