Fortigate VPN & Okta LDAP

cdoggyd · ‎09-24-2024

I'm running a free trial with Okta, and I'm trying to configure Okta as an LDAP server to authenticate Fortigate VPN users. I have the LDAP Interface set up in Okta already. When I go to set up the LDAP server in the Fortigate, I'm getting an error each time I test connectivity:

Can't contact LDAP server

Any suggestions?

johnathan · ‎09-24-2024

I would verify the FortiGate can resolve that domain properly by doing 'exec ping trial-xxxx.ldap.okta.com'.
If the firewall can resolve that fine, I would make sure it is reaching out properly by doing a sniffer.
The command for that would be 'di sni pack any 'port 636' 4 0 l'.
I would run that command, then test connectivity again.

"Never trust a computer you can't throw out a window."

FortiArt · ‎09-24-2024

You can start by disabling secure LDAP (secure connection radio button) to test if this resolve the issue. If it resolved this narrow down the problem to security certificate mismatch or so. Make sure the Username to query LDAP has sufficient privileges' to after confirming DNS resolution and reachability. In addition you can try different Bind Types and see if this helps

Fortigate VPN & Okta LDAP

Nominate a Forum Post for Knowledge Article Creation