forti5
New Contributor

IkeV2 VPN with EntraID SAML


 

All configured and working, to a point! SAML authentication works fine, but as soon as I authenticate, the connection immediately drops!

Last Disconnect Reason: HostnameResolveNonRecoverableError

 

Can anyone suggest where to start with troubleshooting this?

 

I've tried the following but found no errors.

diagnose debug application fnbamd -1

diagnose debug application saml -1

diagnose debug application ike -1

diagnose debug application eap_proxy -1

 


 

Dj
3 REPLIES
funkylicious
SuperUser

What version are you running on FortiGate?

"jack of all trades, master of none"
hpenmetsa
Staff

Hi,

Does this happen to only one user or to all users?

 

Could you please share the output?

 

diagnose debug reset

diagnose vpn ike log-filter dst-addr4 <client public ip>

diagnose debug app ike -1

diagnose debug app eap_proxy -1

diagnose debug app samld -1

diagnose debug enable

 

Replicate the issue by connecting to the VPN.

AEK
SuperUser

Looks like a DNS issue.

  • Are your DNS queries sent through the tunnel once it is up?
  • Are they served correctly?
  • Is the telemetry server's FQDN resolved with a different address (e.g., the private IP) once connected?

Try to fix these and redo the test.

 
AEK