I have a user who is trying to run 3D CAD sessions over the SSLVPN. Yes, I know this is a terrible idea, and yes, he's been told. However. He is insisting that sessions initiated with SAML are slower and less responsive than are sessions authorized with a RADIUS connection to a NPS server that uses the Azure MFA plugin.
I don't understand how this is possible.
Is it possible? If so, how should I proceed, seeing as how we're using the free SSLVPN client?
Solved! Go to Solution.
Hi @mackdav1,
SAML or RADIUS, they are just for authentication. After the user is connected, traffic is handled by the FortiGate. There shouldn't be a difference in speed. Unless, you have separate firewall policies for SAML and RADIUS groups and the policy for SAML group has Security Profiles enabled. You can check the firewall policy and also make sure DTLS is enabled. https://community.fortinet.com/t5/FortiGate/Technical-Note-Using-DTLS-to-improve-SSL-VPN-performance...
Regards,
Hi @mackdav1,
SAML or RADIUS, they are just for authentication. After the user is connected, traffic is handled by the FortiGate. There shouldn't be a difference in speed. Unless, you have separate firewall policies for SAML and RADIUS groups and the policy for SAML group has Security Profiles enabled. You can check the firewall policy and also make sure DTLS is enabled. https://community.fortinet.com/t5/FortiGate/Technical-Note-Using-DTLS-to-improve-SSL-VPN-performance...
Regards,
SAML users are included on all the same policies as the non-SAML users, so there's no policy or underlying configuration difference.
Unless someone has any other ideas I'm just gonna assume this is a user hallucination.
Thanks!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.