Support Forum
heman7
New Contributor

IKEv2 with SAML and 3 different Entra tenants

Hi Guys,

I'm very frustrated about the shift to IPsec.

IPsec over TCP isn't really ready in 7.4, LDAP auth only works with EAP-TTLS, which means a bad config in FortiClient etc.
And now I'm standing in front of my next problem.

I have 3 Entra tenants, and all 3 should use SAML for IPsec. In SSL VPN I would configure Realms, but what is the way with IPsec? In my understanding I can only configure 1 SAML port on my WAN interface, but for 3 tenants I have to use 3 different SAML ports for 3 Applications.

Any ideas or am I wrong?

By the way, how do you deploy ikev2 with LDAP in FortiClient?

fg_muc
New Contributor III

Hi, I have not yet implemented such a requirement as I have only ever used SAML with one IdP - but the following FAC feature could possibly be a solution for you?

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/07519fff-c6d3-11ef-9411-ae1fcf...


The FAC can be set up as a SAML proxy in order to connect several IdPs behind it.


P.S.: Unfortunately, I have not yet managed the shift to IPsec satisfactorily enough to replace SSL VPN with a clear conscience.


KR Fabian

"Latency is just your network being dramatic."