Dear forum,
I am unable to implement successful SAML authentication using azure entra ID for fortigate/forticlient vpn.
Fortigate 200F v7.2.10
FortiClient 7.4.0.1658
Azure/Entra ID for SAML Authentication
VPN Phase 1/2 settings working correctly (confirmed with local auth).
Any guidance would be greatly appreciated.
Logs:
Parkside-Core-FW1 # diagnose debug reset
Parkside-Core-FW1 # diagnose debug application ike -1
Debug messages will be on for 30 minutes.
Parkside-Core-FW1 # diagnose debug application fnbamd -1
Debug messages will be on for 30 minutes.
Parkside-Core-FW1 # diagnose debug enable
Parkside-Core-FW1 # [2579] handle_req-Rcvd auth cache message
[132] __saml_auth_cache_push-Auth cache created, user='F23484CE-7E30-4530-8175-C0754B374085', SAML_server='saml-entra-id', vfid=0
[139] __saml_auth_cache_push-Hash bucket 157
[3438] fsm_initialize-Sent ACCT-ON
[2085] fnbamd_cfg_init-
[468] fnbamd_add_ca_hash-new ca 'ACCVRAIZ1', subject '/CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AC_RAIZ_FNMT-RCM', subject '/C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS', subject '/C=ES/O=FNMT-RCM/OU=Ceres/organizationIdentifier=VATES-Q2826004J/CN=AC RAIZ FNMT-RCM SE
RVIDORES SEGUROS', vfid -1
[468] fnbamd_add_ca_hash-new ca 'ANF_Secure_Server_Root_CA', subject '/serialNumber=G63287510/C=ES/O=ANF Autoridad de Certificacion/OU=ANF CA Raiz/CN=ANF Secure Server
Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Actalis_Authentication_Root_CA', subject '/C=IT/L=Milan/O=Actalis S.p.A.\/03358520967/CN=Actalis Authentication Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AffirmTrust_Commercial', subject '/C=US/O=AffirmTrust/CN=AffirmTrust Commercial', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AffirmTrust_Networking', subject '/C=US/O=AffirmTrust/CN=AffirmTrust Networking', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AffirmTrust_Premium', subject '/C=US/O=AffirmTrust/CN=AffirmTrust Premium', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AffirmTrust_Premium_ECC', subject '/C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Amazon_Root_CA_1', subject '/C=US/O=Amazon/CN=Amazon Root CA 1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Amazon_Root_CA_2', subject '/C=US/O=Amazon/CN=Amazon Root CA 2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Amazon_Root_CA_3', subject '/C=US/O=Amazon/CN=Amazon Root CA 3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Amazon_Root_CA_4', subject '/C=US/O=Amazon/CN=Amazon Root CA 4', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Atos_TrustedRoot_2011', subject '/CN=Atos TrustedRoot 2011/O=Atos/C=DE', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Atos_TrustedRoot_Root_CA_ECC_TLS_2021', subject '/CN=Atos TrustedRoot Root CA ECC TLS 2021/O=Atos/C=DE', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Atos_TrustedRoot_Root_CA_RSA_TLS_2021', subject '/CN=Atos TrustedRoot Root CA RSA TLS 2021/O=Atos/C=DE', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_-_V1', subject '/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62
634068', vfid -1
[468] fnbamd_add_ca_hash-new ca 'BJCA_Global_Root_CA1', subject '/C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'BJCA_Global_Root_CA2', subject '/C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Baltimore_CyberTrust_Root', subject '/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Buypass_Class_2_Root_CA', subject '/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Buypass_Class_3_Root_CA', subject '/C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'CA_Disig_Root_R2', subject '/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'CFCA_EV_ROOT', subject '/C=CN/O=China Financial Certification Authority/CN=CFCA EV ROOT', vfid -1
[468] fnbamd_add_ca_hash-new ca 'COMODO_Certification_Authority', subject '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority'
, vfid -1
[468] fnbamd_add_ca_hash-new ca 'COMODO_ECC_Certification_Authority', subject '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Au
thority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'COMODO_RSA_Certification_Authority', subject '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Au
thority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certainly_Root_E1', subject '/C=US/O=Certainly/CN=Certainly Root E1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certainly_Root_R1', subject '/C=US/O=Certainly/CN=Certainly Root R1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certigna', subject '/C=FR/O=Dhimyotis/CN=Certigna', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certigna_Root_CA', subject '/C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certum_EC-384_CA', subject '/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum EC-384 CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certum_Trusted_Network_CA', subject '/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA'
, vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certum_Trusted_Network_CA_2', subject '/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network C
A 2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certum_Trusted_Root_CA', subject '/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum Trusted Root CA', vfid
-1
[468] fnbamd_add_ca_hash-new ca 'CommScope_Public_Trust_ECC_Root-01', subject '/C=US/O=CommScope/CN=CommScope Public Trust ECC Root-01', vfid -1
[468] fnbamd_add_ca_hash-new ca 'CommScope_Public_Trust_ECC_Root-02', subject '/C=US/O=CommScope/CN=CommScope Public Trust ECC Root-02', vfid -1
[468] fnbamd_add_ca_hash-new ca 'CommScope_Public_Trust_RSA_Root-01', subject '/C=US/O=CommScope/CN=CommScope Public Trust RSA Root-01', vfid -1
[468] fnbamd_add_ca_hash-new ca 'CommScope_Public_Trust_RSA_Root-02', subject '/C=US/O=CommScope/CN=CommScope Public Trust RSA Root-02', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Comodo_AAA_Services_root', subject '/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services', vfid -1
[468] fnbamd_add_ca_hash-new ca 'D-TRUST_BR_Root_CA_1_2020', subject '/C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020', vfid -1
[468] fnbamd_add_ca_hash-new ca 'D-TRUST_EV_Root_CA_1_2020', subject '/C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020', vfid -1
[468] fnbamd_add_ca_hash-new ca 'D-TRUST_Root_Class_3_CA_2_2009', subject '/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009', vfid -1
[468] fnbamd_add_ca_hash-new ca 'D-TRUST_Root_Class_3_CA_2_EV_2009', subject '/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 EV 2009', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Assured_ID_Root_CA', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Assured_ID_Root_G2', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Assured_ID_Root_G3', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Global_Root_CA', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Global_Root_G2', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Global_Root_G3', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_High_Assurance_EV_Root_CA', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_TLS_ECC_P384_Root_G5', subject '/C=US/O=DigiCert, Inc./CN=DigiCert TLS ECC P384 Root G5', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_TLS_RSA4096_Root_G5', subject '/C=US/O=DigiCert, Inc./CN=DigiCert TLS RSA4096 Root G5', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Trusted_Root_G4', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Entrust.net_Premium_2048_Secure_Server_CA', subject '/O=Entrust.net/OU=www.entrust.net\/CPS_2048 incorp. by ref. (limits liab.)/OU=(c)
1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Entrust_Root_Certification_Authority', subject '/C=US/O=Entrust, Inc./OU=www.entrust.net\/CPS is incorporated by reference/OU=(c) 2006
Entrust, Inc./CN=Entrust Root Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Entrust_Root_Certification_Authority_-_EC1', subject '/C=US/O=Entrust, Inc./OU=See www.entrust.net\/legal-terms/OU=(c) 2012 Entrust, I
nc. - for authorized use only/CN=Entrust Root Certification Authority - EC1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Entrust_Root_Certification_Authority_-_G2', subject '/C=US/O=Entrust, Inc./OU=See www.entrust.net\/legal-terms/OU=(c) 2009 Entrust, In
c. - for authorized use only/CN=Entrust Root Certification Authority - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Entrust_Root_Certification_Authority_-_G4', subject '/C=US/O=Entrust, Inc./OU=See www.entrust.net\/legal-terms/OU=(c) 2015 Entrust, In
c. - for authorized use only/CN=Entrust Root Certification Authority - G4', vfid -1
[468] fnbamd_add_ca_hash-new ca 'FIRMAPROFESIONAL_CA_ROOT-A_WEB', subject '/C=ES/O=Firmaprofesional SA/organizationIdentifier=VATES-A62634068/CN=FIRMAPROFESIONAL CA RO
OT-A WEB', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Fortinet_CA', subject '/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-ca2/emailAddress=support@fortin
et.com', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Fortinet_CA_Backup', subject '/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fort
inet.com', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Fortinet_Sub_CA', subject '/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca2001/emailAddress=supp
ort@fortinet.com', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Fortinet_Wifi_CA', subject '/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GDCA_TrustAUTH_R5_ROOT', subject '/C=CN/O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD./CN=GDCA TrustAUTH R5 ROOT', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GTS_Root_R1_-_V1', subject '/C=US/O=Google Trust Services LLC/CN=GTS Root R1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GTS_Root_R2_-_V1', subject '/C=US/O=Google Trust Services LLC/CN=GTS Root R2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GTS_Root_R3_-_V1', subject '/C=US/O=Google Trust Services LLC/CN=GTS Root R3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GTS_Root_R4_-_V1', subject '/C=US/O=Google Trust Services LLC/CN=GTS Root R4', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_ECC_Root_CA_-_R4_-_V1', subject '/OU=GlobalSign ECC Root CA - R4/O=GlobalSign/CN=GlobalSign', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_ECC_Root_CA_-_R5', subject '/OU=GlobalSign ECC Root CA - R5/O=GlobalSign/CN=GlobalSign', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_Root_CA', subject '/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_Root_CA_-_R3', subject '/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_Root_CA_-_R6', subject '/OU=GlobalSign Root CA - R6/O=GlobalSign/CN=GlobalSign', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_Root_E46', subject '/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root E46', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_Root_R46', subject '/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root R46', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Go_Daddy_Class_2_CA', subject '/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Go_Daddy_Root_Certificate_Authority_-_G2', subject '/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Aut
hority - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'HARICA_TLS_ECC_Root_CA_2021', subject '/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS ECC Root CA 2021', vfid -1
[468] fnbamd_add_ca_hash-new ca 'HARICA_TLS_RSA_Root_CA_2021', subject '/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS RSA Root CA 2021', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015', subject '/C=GR/L=Athens/O=Hellenic Academic and Research Institutions Ce
rt. Authority/CN=Hellenic Academic and Research Institutions ECC RootCA 2015', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Hellenic_Academic_and_Research_Institutions_RootCA_2015', subject '/C=GR/L=Athens/O=Hellenic Academic and Research Institutions Cert.
Authority/CN=Hellenic Academic and Research Institutions RootCA 2015', vfid -1
[468] fnbamd_add_ca_hash-new ca 'HiPKI_Root_CA_-_G1', subject '/C=TW/O=Chunghwa Telecom Co., Ltd./CN=HiPKI Root CA - G1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Hongkong_Post_Root_CA_3', subject '/C=HK/ST=Hong Kong/L=Hong Kong/O=Hongkong Post/CN=Hongkong Post Root CA 3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'ISRG_Root_X1', subject '/C=US/O=Internet Security Research Group/CN=ISRG Root X1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'ISRG_Root_X2', subject '/C=US/O=Internet Security Research Group/CN=ISRG Root X2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'IdenTrust_Commercial_Root_CA_1', subject '/C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'IdenTrust_Public_Sector_Root_CA_1', subject '/C=US/O=IdenTrust/CN=IdenTrust Public Sector Root CA 1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Izenpe.com', subject '/C=ES/O=IZENPE S.A./CN=Izenpe.com', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Microsec_e-Szigno_Root_CA_2009', subject '/C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szign
o.hu', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Microsoft_ECC_Root_Certificate_Authority_2017', subject '/C=US/O=Microsoft Corporation/CN=Microsoft ECC Root Certificate Authority 201
7', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Microsoft_RSA_Root_Certificate_Authority_2017', subject '/C=US/O=Microsoft Corporation/CN=Microsoft RSA Root Certificate Authority 201
7', vfid -1
[468] fnbamd_add_ca_hash-new ca 'NAVER_Global_Root_Certification_Authority', subject '/C=KR/O=NAVER BUSINESS PLATFORM Corp./CN=NAVER Global Root Certification Authorit
y', vfid -1
[468] fnbamd_add_ca_hash-new ca 'NetLock_Arany_Class_Gold_Főtanúsítvány', subject '/C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Ce
rtification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny', vfid -1
[468] fnbamd_add_ca_hash-new ca 'OISTE_WISeKey_Global_Root_GB_CA', subject '/C=CH/O=WISeKey/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GB CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'OISTE_WISeKey_Global_Root_GC_CA', subject '/C=CH/O=WISeKey/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GC CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'QuoVadis_Root_CA_1_G3', subject '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 1 G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'QuoVadis_Root_CA_2', subject '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'QuoVadis_Root_CA_2_G3', subject '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'QuoVadis_Root_CA_3', subject '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'QuoVadis_Root_CA_3_G3', subject '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_EV_Root_Certification_Authority_ECC', subject '/C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Aut
hority ECC', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_EV_Root_Certification_Authority_RSA_R2', subject '/C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification
Authority RSA R2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_Root_Certification_Authority_ECC', subject '/C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com Root Certification Authority
ECC', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_Root_Certification_Authority_RSA', subject '/C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com Root Certification Authority
RSA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_TLS_ECC_Root_CA_2022', subject '/C=US/O=SSL Corporation/CN=SSL.com TLS ECC Root CA 2022', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_TLS_RSA_Root_CA_2022', subject '/C=US/O=SSL Corporation/CN=SSL.com TLS RSA Root CA 2022', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SZAFIR_ROOT_CA2', subject '/C=PL/O=Krajowa Izba Rozliczeniowa S.A./CN=SZAFIR ROOT CA2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Sectigo_Public_Server_Authentication_Root_E46', subject '/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root E46', vf
id -1
[468] fnbamd_add_ca_hash-new ca 'Sectigo_Public_Server_Authentication_Root_R46', subject '/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46', vf
id -1
[468] fnbamd_add_ca_hash-new ca 'SecureSign_RootCA11', subject '/C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SecureSign_Root_CA12', subject '/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA12', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SecureSign_Root_CA14', subject '/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA14', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SecureSign_Root_CA15', subject '/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA15', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SecureTrust_CA', subject '/C=US/O=SecureTrust Corporation/CN=SecureTrust CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Secure_Global_CA', subject '/C=US/O=SecureTrust Corporation/CN=Secure Global CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Security_Communication_ECC_RootCA1', subject '/C=JP/O=SECOM Trust Systems CO.,LTD./CN=Security Communication ECC RootCA1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Security_Communication_RootCA2', subject '/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Security_Communication_RootCA3', subject '/C=JP/O=SECOM Trust Systems CO.,LTD./CN=Security Communication RootCA3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Starfield_Class_2_CA', subject '/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Starfield_Root_Certificate_Authority_-_G2', subject '/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Ce
rtificate Authority - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Starfield_Services_Root_Certificate_Authority_-_G2', subject '/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfiel
d Services Root Certificate Authority - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SwissSign_Gold_CA_-_G2', subject '/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SwissSign_Silver_CA_-_G2', subject '/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'T-TeleSec_GlobalRoot_Class_2', subject '/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot C
lass 2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'T-TeleSec_GlobalRoot_Class_3', subject '/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot C
lass 3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1', subject '/C=TR/L=Gebze - Kocaeli/O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - T
UBITAK/OU=Kamu Sertifikasyon Merkezi - Kamu SM/CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TWCA_CYBER_Root_CA', subject '/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA CYBER Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TWCA_Global_Root_CA', subject '/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TWCA_Root_Certification_Authority', subject '/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Telekom_Security_TLS_ECC_Root_2020', subject '/C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS ECC Root 2020', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Telekom_Security_TLS_RSA_Root_2023', subject '/C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS RSA Root 2023', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TeliaSonera_Root_CA_v1', subject '/O=TeliaSonera/CN=TeliaSonera Root CA v1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Telia_Root_CA_v2', subject '/C=FI/O=Telia Finland Oyj/CN=Telia Root CA v2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TrustAsia_Global_Root_CA_G3', subject '/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TrustAsia_Global_Root_CA_G4', subject '/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G4', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Trustwave_Global_Certification_Authority', subject '/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certifi
cation Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Trustwave_Global_ECC_P256_Certification_Authority', subject '/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Globa
l ECC P256 Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Trustwave_Global_ECC_P384_Certification_Authority', subject '/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Globa
l ECC P384 Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TunTrust_Root_CA', subject '/C=TN/O=Agence Nationale de Certification Electronique/CN=TunTrust Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'UCA_Extended_Validation_Root', subject '/C=CN/O=UniTrust/CN=UCA Extended Validation Root', vfid -1
[468] fnbamd_add_ca_hash-new ca 'UCA_Global_G2_Root', subject '/C=CN/O=UniTrust/CN=UCA Global G2 Root', vfid -1
[468] fnbamd_add_ca_hash-new ca 'USERTrust_ECC_Certification_Authority', subject '/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certificat
ion Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'USERTrust_RSA_Certification_Authority', subject '/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certificat
ion Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'XRamp_Global_CA_Root', subject '/C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority',
vfid -1
[468] fnbamd_add_ca_hash-new ca 'certSIGN_ROOT_CA', subject '/C=RO/O=certSIGN/OU=certSIGN ROOT CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'certSIGN_Root_CA_G2', subject '/C=RO/O=CERTSIGN SA/OU=certSIGN ROOT CA G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'e-Szigno_Root_CA_2017', subject '/C=HU/L=Budapest/O=Microsec Ltd./organizationIdentifier=VATHU-23584497/CN=e-Szigno Root CA 2017', vfi
d -1
[468] fnbamd_add_ca_hash-new ca 'ePKI_Root_Certification_Authority', subject '/C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'emSign_ECC_Root_CA_-_C3', subject '/C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign ECC Root CA - C3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'emSign_ECC_Root_CA_-_G3', subject '/C=IN/OU=emSign PKI/O=eMudhra Technologies Limited/CN=emSign ECC Root CA - G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'emSign_Root_CA_-_C1', subject '/C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign Root CA - C1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'emSign_Root_CA_-_G1', subject '/C=IN/OU=emSign PKI/O=eMudhra Technologies Limited/CN=emSign Root CA - G1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'root_CA2', subject '/O=Fortinet Ltd./CN=Fortinet', vfid -1
[468] fnbamd_add_ca_hash-new ca 'vTrus_ECC_Root_CA', subject '/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus ECC Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'vTrus_Root_CA', subject '/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus Root CA', vfid -1
[63] fnbamd_local_crl_hash_init-
[1898] fnbamd_cfg_vdom_add-VDOM 'root' is created.
[2528] fnbamd_peer_user_create-Peer users are created, vfid=0, total=0
[1947] fnbamd_cfg_update_vpn_setting-VDOM 'root'
[2549] handle_req-Rcvd 4 req
[179] fnbamd_acct_start_ACCT_ON-No radius acct to notify
[1482] create_acct_session-Nothing to do for acct type 4
[2562] handle_req-Error creating acct session 4
ike 0: cache rebuild done
ike 0:94d706af889b0a4a/0000000000000000:1663: matched proposal id 1
ike 0:94d706af889b0a4a/0000000000000000:1663: proposal id = 1:
ike 0:94d706af889b0a4a/0000000000000000:1663: protocol = IKEv2:
ike 0:94d706af889b0a4a/0000000000000000:1663: encapsulation = IKEv2/none
ike 0:94d706af889b0a4a/0000000000000000:1663: type=ENCR, val=AES_CBC (key_len = 256)
ike 0:94d706af889b0a4a/0000000000000000:1663: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 0:94d706af889b0a4a/0000000000000000:1663: type=PRF, val=PRF_HMAC_SHA2_256
ike 0:94d706af889b0a4a/0000000000000000:1663: type=DH_GROUP, val=MODP2048.
ike 0:94d706af889b0a4a/0000000000000000:1663: lifetime=86400
ike 0:94d706af889b0a4a/0000000000000000:1663: SA proposal chosen, matched gateway AZURE_SAML
ike 0:AZURE_SAML: created connection: 0x8923180 8 120.151.50.38->49.178.109.28:11534.
ike 0:AZURE_SAML:1663: processing notify type NAT_DETECTION_SOURCE_IP
ike 0:AZURE_SAML:1663: processing NAT-D payload
ike 0:AZURE_SAML:1663: NAT detected: PEER
ike 0:AZURE_SAML:1663: process NAT-D
ike 0:AZURE_SAML:1663: processing notify type NAT_DETECTION_DESTINATION_IP
ike 0:AZURE_SAML:1663: processing NAT-D payload
ike 0:AZURE_SAML:1663: NAT detected: PEER
ike 0:AZURE_SAML:1663: process NAT-D
ike 0:AZURE_SAML:1663: processing notify type FRAGMENTATION_SUPPORTED
[1939] handle_req-Rcvd auth req 860162668 for F23484CE-7E30-4530-8175-C0754B374085 in SAML-ENTRA-ID opt=00000000 prot=8
[489] __compose_group_list_from_req-Group 'SAML-ENTRA-ID', type 1
[616] fnbamd_pop3_start-F23484CE-7E30-4530-8175-C0754B374085
[2282] fnbamd_user_ldap_create-LDAP servers are created, vfid=0, total=2
[378] radius_start-Didn't find radius servers (0)
[765] auth_tac_plus_start-Didn't find tac_plus servers (0)
[1009] __fnbamd_cfg_get_ldap_list_by_group-
[1117] fnbamd_cfg_get_ldap_list-Total ldap servers to try: 0
[497] ldap_start-Didn't find ldap servers
[480] fnbamd_cfg_get_ext_idp_list-
[454] __fnbamd_cfg_get_ext_idp_list_by_group-
[460] __fnbamd_cfg_get_ext_idp_list_by_group-Group 'SAML-ENTRA-ID'
[490] fnbamd_cfg_get_ext_idp_list-Total external identity provider servers to try: 0
[643] create_auth_session-Error starting authentication
[1086] fnbamd_ext_idps_destroy-
[1980] handle_req-r=5
[1988] handle_req-Error starting session
[209] fnbamd_comm_send_result-Sending result 5 (nid 0) for req 860162668, len=2540
[2485] handle_req-Rcvd abort req for 860162668
[2500] handle_req-Can't abort, no active req 860162668
[2570] peer_user_cn_dns_refresh-
[3391] __peer_user_cn_dns_refresh-Refresh in 1800 secs
Hi,
Please refer below article:-
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.