Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
julianhaines
New Contributor III

Created on ‎02-26-2024 07:47 AM

FortiGate VPN with SAML Authentication to Entra

Hi,

 

I have a FortiGate FGT200F running 7.2 with a VPN setup to authenticate with SAML Entra (Azure), Its will working well but I am wanting to give the VPN users different Web Filter policies base on their Entra group they authenticated with. How would I configure outgoing ssl.root -> virtual-wan-link firewall policies base on the users group. 

Labels:
936
0 Kudos
2 REPLIES 2
AnthonyH
Staff
Staff

Created on ‎02-26-2024 10:34 AM

Hello julianhaines,

 

You may need to configure SSLVPN Realms to associate the VPN user's in your different webfilter firewall policies. https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/724772/ssl-vpn-multi-realm

Technical Support Engineer,
Anthony.
920
adimailig
Staff
Staff

Created on ‎02-26-2024 08:18 PM

Hello,

You need to create multiple User Groups on Fortigate, add Azure (SAML) Remote Server and specify Azure/Entra Group ID.
After that configure SSL VPN Authentication / Portal Rule.
Then create firewall policy per user group and incorporate specific Web Filter Profile per User Group.

Best Regards,

Arnold Dimailig
TAC Engineer
896
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.