Hi all.
We have an issue after configuring SSL VPN through Azure SAML and we can no longer reach Fortigate GUI via HTTP/HTTPS. We get prompted to use authentication via Azure when surfing to the WAN IP. This may be by default but even when we authenticate we just get redirected to the SLL VPN web portal instead of the Fortigate GUI.
I have compared every setting I can think of and can't seem to find any solultion to this.
We can surf to FQDN but it's the same story. We get asked to authenticate and is then redirected to the SSL VPN web portal.
Fortigate 60F with FortiOS 6.4.14
Any help or suggestions is appreciated!
Kind regards
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi all.
We have solved the problem. After going through all configuration once more we could see that saml was configured twice. Both as "config system saml" and "config user saml".
Quite a stupid misstake. But it seems to be a result of both configuring saml in CLI and GUI.
Disabling "config system saml" solved the issue.
Thanks for all your responses!
Hi @Tweesiee ,
Try to use different port for SSLVPN setting for example to listen on port 10443 instead of the default one 443, check the below documentation ,it might help
Hi!
Might have been good to mention that but yes, we are using port 10443 instead of the default port.
Kind regards
Hi @Tweesiee,
Make sure you put https://x.x.x.x when trying to access the GUI. If it is not port 443, you need to put the port number as well. HTTP traffic might be redirected to the SSL VPN if "Redirect HTTP to SSL-VPN" option is enabled under SSL VPN setting.
Regards,
Hi.
We have tried every way, http:// & https:// with both wan IP and FQDN. We get the same results. It redirects to https://FQDN:10443
This is the SSL VPN web portal.
Can you run a packet capture and filter by your source public IP (replace x.x.x.) and try to access the GUI again.
di sniffer packet any 'host x.x.x.x' 4 0 l
Regards,
Hi @Tweesiee,
It looks like you have used 443 for SSL VPN setting. Can you please check under VPN > SSL VPN setting and check listen on port section. Try to use another port for SSL VPN and used 443 for GUI.
Best regards,
Minh
Hi @Tweesiee,
Via CLI you can verify the SSL VPN port:
config vpn ssl settings
set port <default is 443> <---- It looks that the port here is 443 if it is 443 try to change to 8443 or 10443
Best regards,
Hi all.
We have solved the problem. After going through all configuration once more we could see that saml was configured twice. Both as "config system saml" and "config user saml".
Quite a stupid misstake. But it seems to be a result of both configuring saml in CLI and GUI.
Disabling "config system saml" solved the issue.
Thanks for all your responses!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.