Hi, I've been struggling with this one for a couple of weeks now and haven't found a solution.
In my lab environment with a single IP address available I was running a 600c perfectly well, but I decided to change to a 200e (v7.6.0 build3401) for the additional functionality.
Internally I am running an On-Premise Exchange Server, an ADFS Server for webmail authentication, along with an unrelated website all on separate servers. I use virtual servers (HTPS) to connect to the appropriate real server based on the host header. e.g. (not real IP addresses)
mail.myname.com (100.100.100.1:443) -> Server 1 (192.168.0.1:443)
adfs.myname.com (100.100.100.1:443) -> Server 2 (192.168.0.2:443)
website.myname.com (100.100.100.1:443) -> Server 3 (192.168.0.3:443)
Does anyone have any insight as to why this was working on the 600c with the same configuration and I cannot get it to work on the 200e?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for someone to help you.
We will come back to you ASAP.
According to the people I've talked to, it's hard to tell what the issue is without logs from the client browser or packet traces from FortiGate. However, the issue seems to be related to how the redirection is performed from the mail server to ADFS for the auth piece.
It's possible that the url/fqdn/ip that is called from the exchange does not match what is expected to match the VIP.
It's also possible there's a conflicting UTM feature enabled, or some sort of issue in 7.6.0.
We strongly recommend you get in touch with TAC and provide a browser debug output (.har file) to help see what is being requested in the transaction. (Please do not post those logs here, as there could be sensitive data within.)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.