We are switching from RADIUS to SAML with Azure, and it's working well for most people. However, a few of our users can't connect from their homes. In all cases they have a slow connection: 1 user is using a cell phone as a hotspot, but with poor reception limiting bandwidth. The other 2 users are both using satellite internet (ViaSat). In all 3 cases they can complete the SAML login pop-up, but then it goes back to FortiClient and never begins the percentage count-up that normally occurs. The client just sits there. We have verified that the laptops can connect fine if changed to a better internet link. Has anyone else seen this, and/or know of a setting that I can adjust to fix it?
Hello dweimer,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello dweimer,
I have found this document which explains how to configure FortiClient VPN with multifactor authentication.
Could you please tell me if it helped?
Thanks a lot in advance.
Regards,
Hi dweimer,
Do you have a FortiClient license?
Have you tried over web vpn? Please try that.
Make sure it's enabled, example below:
fortigate (root) # config vpn ssl web portal
config vpn ssl web portal
edit "full-access"
set web-mode enable
end
It is very likely that the poor quality link is preventing the VPN from coming up.
Hey dweimer,
In addition to the above - if this happens only on slow connections, we could be looking at a timeout issue.
Can you check this on FortiGate?
#config system global
#show full | grep remoteauthtimeout
-> this should show the remoteauthtimeout setting; how long the FortiGate will wait for a remote authentication server to respond before timing out the connection
-> if your users are slow with connecting to the IdP, this may mean FortiGate is getting the successful user login after timeout
-> you could consider increasing the remoteauthtimeout value (it is in seconds) to see if that helps with your issue
I already had this problem with Azure AD and a phone as a hotspot. Test by lowering the MTU of the PC to 1200.
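The MTU test suggested in the last reply, as an added example that is not part of the original thread: it goes one step further by first probing the path with Don't Fragment pings, then applies the MTU of 1200 only until reboot or until you restore it. The adapter name `Wi-Fi` and the host `vpn.example.com` are placeholders; run it from an elevated PowerShell prompt on an affected laptop.

```powershell
# Added example. $Alias and $Target are assumptions: use the adapter the laptop
# is actually on and a host that answers ICMP echo (placeholder shown here).
$Alias  = 'Wi-Fi'
$Target = 'vpn.example.com'

# Returns $true when an echo reply comes back for a DF-flagged ping of $size bytes.
# A reply line contains "TTL="; "needs to be fragmented" and timeouts do not.
function Test-DfPing([int]$size) {
    $out = ping.exe -f -l $size -n 1 -w 3000 $Target
    return [bool]($out -match 'TTL=')
}

# 1. Record the current IPv4 MTU so it can be put back afterwards.
$before = (Get-NetIPInterface -InterfaceAlias $Alias -AddressFamily IPv4).NlMtu
"Current MTU on ${Alias}: $before"

# 2. Binary-search the largest ICMP payload that crosses the path unfragmented.
#    Packet size on the wire = payload + 28 bytes (20 IP + 8 ICMP).
if (-not (Test-DfPing 500)) {
    "No reply even at 500 bytes: ICMP is filtered or the link is down; skipping probe."
} else {
    $lo = 500; $hi = 1472
    while ($lo -lt $hi) {
        $mid = $lo + [int][math]::Ceiling(($hi - $lo) / 2.0)
        if (Test-DfPing $mid) { $lo = $mid } else { $hi = $mid - 1 }
    }
    "Largest unfragmented packet to ${Target}: $($lo + 28) bytes"
}

# 3. Apply the MTU from the thread for this boot only (store=active is not persistent).
netsh interface ipv4 set subinterface "$Alias" mtu=1200 store=active

Read-Host "MTU is now 1200. Retry the FortiClient SAML login, then press Enter to restore"

# 4. Restore the original value.
netsh interface ipv4 set subinterface "$Alias" mtu=$before store=active
```

If the probe reports a packet size well below 1500 and the login succeeds at MTU 1200, that points to a path MTU problem on the slow link rather than the authentication timeout discussed earlier in the thread.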