Hi Guys,
I'm very frustrated about the shift to IPSEC.
IPSEC over TCP isn't really ready in 7.4, LDAP auth only works with EAP-TTLS, which means a bad config in FortiClient etc.
And now I'm standing in front of my next problem.
I have 3 Entra tenants; all 3 should use SAML for IPSEC. In SSLVPN I would configure Realms, but what is the way with IPSEC? In my understanding I can only configure 1 SAML port on my WAN interface, but for 3 tenants I have to use 3 different SAML ports for 3 applications.
Any ideas or am I wrong?
By the way, how do you deploy IKEv2 with LDAP in FortiClient?
Hi, I have not yet implemented such a requirement as I have only ever used SAML with one IdP - but the following FAC feature could possibly be a solution for you?
The FAC can be set up as a SAML proxy in order to connect several IdPs behind it.
P.S.: Unfortunately, I have not yet managed the shift to IPsec satisfactorily to replace SSL VPN with a clear conscience.
KR Fabian
Copyright 2025 Fortinet, Inc. All Rights Reserved.