Has anyone faced an issue with SCEP in FGT VDOM mode?
I have two environments where I use SCEP.
One environment has a FortiGate and a FortiAuthenticator, where the FortiGate is not in VDOM mode. I use SCEP there for auto certificate enrollment and it's working fine.
The other environment is one where the FortiGate is configured with multiple VDOMs, and in one VDOM I'm trying to use SCEP along with FortiAuthenticator. It is not working when I try to use the internal IP of the FortiAuthenticator as the SCEP server, but when I switch to the public IP of the FortiAuthenticator it works just fine...
In "config vpn certificate local" I tried to change the setting "set source-ip 0.0.0.0" to "set source-ip <lan interface ip addr>", but got this error message:
node_check_object fail! for source-ip 172.26.137.33
How can I solve this problem?
Thanks
Hi,
Same problem here...
Did you figure out how to solve it?
Thanks
AM
Hey Antonio,
If you have the exact same issue as live89 (FortiAuthenticator doesn't renew certificates if the request comes in on an internal interface, but DOES if the request comes via its public interface) that sounds as if SCEP is not enabled on the particular FortiAuthenticator interface; I would suggest checking the interface details and seeing what services are enabled.
Hi
I know that this is a bit late, but I have been building a multi-VDOM SCEP lab and found a few bits that may be useful. With limited info about the setup, I have made the following observations which may help.
Thanks
Rich