Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lexdef
New Contributor

Created on ‎04-01-2025 01:33 AM

How to force FClient to only validate connections only via SSO

Hi all,

Users connecting via VPN must be validated via SSO (the IdP is Azure). The problem arises if the user chooses to authenticate via LDAP; the queries reach the server, allowing an attacker to cause a DoS.

Force this option in fclient is not an option cause anyone from outside our organization could do it.

Has anyone encountered this problem?

Thnks in advance!

 

 

67
0 Kudos
2 REPLIES 2
yderek
Staff
Staff

Created on ‎04-01-2025 02:39 PM

HI, lexdef

 

Is your intention to block the Dos/DDOS attack targeting on your LDAP server using SSLVPN ?

 

When you say the user trying to use LDAP credentials, do they successfully logged in? Or you just seeing the attempt that some random user trying to access your SSLVPN using LDAP credential against your LDAP server 

41
lexdef
New Contributor
In response to yderek

Created on ‎04-02-2025 12:15 AM

Hi yderek,

What I need is to force fclients to log in with SSO, and disable this authentication via LDAP.

If the user decides to authenticate via LDAP the query could arrive at the server, and an attacker could cause a DoS attack.

Thanks!

11
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.