Failed on FortiClientVPN with SSO/SAML + MFA using O365 on Android
I was advised by technical support, based on ticket ID 7990064, to look for the answer here, because I am using the free version of FortiClient, which doesn't come with technical support.
I was implementing FortiClientVPN (free) with SSO/SAML + MFA using O365 Azure on Windows/iOS/Android clients, connecting to a FortiGate-501E running FortiOS version 7.0.9, build0444 (GA), and it works very well.
The issue on the Android client has been happening since both Android 13 and FortiClient VPN app v7.0.xx were released.
When the FortiClient VPN app on Android tries to connect, it automatically redirects the Chrome browser to the O365 Azure login page. The authentication and MFA approval process works fine, but it gets stuck in the browser displaying "This site can't be reached...127.0.0.1 refused to connect" and it never loads the FortiClient VPN app.
Troubleshooting taken: updating the Chrome app, changing the default browser to Firefox, and downgrading the FortiClient VPN app from v7.0.9 to v7.0.3 did not solve the issue.
You should try it in a lab environment so you can have the experience.
3. If an FCT downgrade didn't do any good, I suspect some changes in Android 13 might have something to do with the issue. I think it is the root cause: some compatibility issue on Android 13 with FCT running SAML + MFA with Azure O365.
4. On Android/iOS, can you access the web SSL VPN portal? Does the auth work? What do you mean, the FCT web SSLVPN portal or the Azure O365 portal? Because we only activated tunnel mode on SSLVPN with SAML. If you mean the Azure O365 portal, the auth works fine on both Android and iOS.
5. Do you have the exact same issue on iOS/Windows?