Hi,
currently we use a Fortinet 500D with version 5.6 for SSL-VPN.
We have two VDOMs
VDOM root (for the old world, IP Sec and local accounts) VDOM1 (for a new AD environment SSO)
In the VDOM1 environment we use a computer certificate to establish a connection. No user authentification is required at this time. The Fortinet 500D looks at the upn of the computer object in AD and if it is matching the computer will grant access based on his group membership. This is working very well.
(Tunnel mode and split tunneling is on. No using of scep or Fortinet Authenticator) https://cookbook.fortinet...tegrated-certificates/
But now we got some iPhones/iPads and we can't integrate it in the same way.
We configured it in the following manner: - We installed the FortiClient 5.6.6 on this IOS devices. - We installed the device certificate for the fortinet client and see it. - We created dummy AD iOS computer objects with the upn/dns attribute. - We omit the username/password on the FortiClient configuration wizard. => The configuration above is not working as expect because we don't get a connection.
It seems that the ldapmode pincipal-name is a bad idea together with iPhones/iPads. Perhaps they should get access if the certificate itself is OK and without upn matching.
How can we integrate this device group with vpn-ssl and certificates? Do we need a third VDOM?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Solved. The problem was on the Fortinet VPN-Client side. The certificate has a wrong extension .pfx instead of .p12
By installing the certification path via email method there was no question about the secret to install. With iTunes and entering the secret in the passphrase we get a connection.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.