julianhaines
New Contributor

FortiGate VPN with SAML Authentication to Entra

Hi,

I have a FortiGate FGT200F running 7.2 with a VPN set up to authenticate with SAML Entra (Azure). It is working well, but I want to give the VPN users different Web Filter policies based on the Entra group they authenticated with. How would I configure outgoing ssl.root -> virtual-wan-link firewall policies based on the user's group?

AnthonyH
Staff

Hello julianhaines,

You may need to configure SSLVPN Realms to associate the VPN users with your different webfilter firewall policies. https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/724772/ssl-vpn-multi-realm

Technical Support Engineer,
Anthony.
adimailig
Staff

Hello,

You need to create multiple User Groups on the FortiGate, add the Azure (SAML) Remote Server and specify the Azure/Entra Group ID.
After that, configure the SSL VPN Authentication / Portal Rule.
Then create a firewall policy per user group and incorporate a specific Web Filter Profile per User Group.

Best Regards,

Arnold Dimailig
TAC Engineer