Hi team,
I am trying to set up two-factor authentication using SAML for my ZTNA server. I am using FortiGate as the SAML SP and FortiAuthenticator as the SAML IdP. The private address of my FortiAuthenticator is 10.1.1.2. I use the same IP address as the SAML IdP.
I configured the VIP to FortiGate VIP 172.172.172.172:11443->10.1.1.2:443 so that the client can access the SAML IdP from the internet. When I try to connect from the internet, I get to the FortiAuthenticator login page and not the SAML IdP authorization page.
Can I use the same IP address 10.1.1.2 for FortiAuthenticator, as both the management IP and the SAML IdP?
FortiAuthenticator FortiGate #SAML #ZTNA
Created on 12-23-2022 01:28 AM
Hello
What you have configured is basically a port forward to FAC, so when you hit it from outside it will lead to the FAC login page.
Can you clarify your end objective further? So you want to administer the FGT via SAML auth?
If yes, please cross-check with the guide for admin firewall SAML auth.
Created on 12-23-2022 02:03 AM Edited on 12-23-2022 03:33 AM
Hi,
@Anonymous I want two-factor authentication using FortiAuthenticator to access the ZTNA 10.1.2.2 server. But instead of https://172.172.172.172:11443/saml-idp/portal/ I get to https://172.172.172.172:11443/login/?next=/, which is the FortiAuthenticator login page.
I am trying to implement this scenario: https://docs.fortinet.com/document/fortigate/7.0.9/administration-guide/259754/ztna-access-proxy-with-saml-and-mfa-using-fortiauthenticator-example