Can no longer connect FortiClientVPN 7.2.2.0116 Azure SAML MFA
Hello,
Since updating iPhone iOS from the last version 16 to the current 17.0.1, connecting via FortiClientVPN is no longer possible. The Azure SAML authentication takes place, but it stops at "Connection".
FortiClient VPN 7.2.2.0116
Fortigate 7.2.5 build1517
Can anyone here report the same problem?
Labels: FortiClient
Problem finally solved by Miguel Cifuentes | TAC Engineer after adjusting:
config vpn ssl settings
set dtls-tunnel disable
end
But the question is: Will this open any security issues?
Hi @PBalochini,
No, dtls-tunnel uses UDP instead of TCP to improve performance. Disabling it will not pose any security risk.
Regards,
Hi,
I'm having the same issue. I have tried disabling DTLS on the FortiGate side and the connection succeeds.
Do you have the same behaviour?
Hi @Support125
This is the same behavior that we observed for users in this thread, where iOS users with FortiClientVPN 7.2.2.0116 are connecting to Azure SAML.
Kayzie Cheng
If you have found a solution, please like and accept it to make it easily accessible for others.
Hi,
I observed the same issue. By disabling DTLS on the FortiGate side, the VPN SSL connection (SAML Azure AD + conditional access) succeeds.
Can you confirm that point on your side?
Hi @Support125
This is the same behavior that we observed for users in this thread, where iOS users with FortiClientVPN 7.2.2.0116 are connecting to Azure SAML. Do keep an eye on whether this has been fixed in a future release, where you will be able to re-enable DTLS on the FortiGate once again.
Kayzie Cheng
We got it working by disabling DTLS in the FortiGate settings.
Fortinet is working on an update that fixes the issue.
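To keep track of where this workaround is still in place, so that DTLS can be re-enabled once a fixed release is available, the following added example (not from the thread or from Fortinet) scans FortiGate configuration backup text for an explicit `dtls-tunnel` value directly under `config vpn ssl settings`. The function names and both sample backups are constructed for illustration.

```python
# Constructed sample backups (not taken from the thread).
SAMPLE_WORKAROUND = """\
config vpn ssl settings
    set port 443
    config authentication-rule
        edit 1
            set groups "saml-users"
        next
    end
    set dtls-tunnel disable
end
"""

SAMPLE_UNCHANGED = """\
config system global
    set hostname "fw-b"
end
config vpn ssl settings
    set port 443
end
"""


def dtls_tunnel_setting(config_text):
    """Return the explicit dtls-tunnel value set directly under
    'config vpn ssl settings', or None if the backup does not set it."""
    stack = []  # currently open config/edit blocks, outermost first
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line.startswith("edit "):
            stack.append(line)
        elif line in ("end", "next"):
            if stack:
                stack.pop()
        elif line.startswith("set dtls-tunnel ") and stack == ["vpn ssl settings"]:
            return line.split()[2]
    return None


def backups_with_workaround(backups):
    """Given {name: config_text}, list the backups where DTLS is still disabled."""
    return sorted(name for name, text in backups.items()
                  if dtls_tunnel_setting(text) == "disable")


if __name__ == "__main__":
    print(backups_with_workaround({"fw-a.conf": SAMPLE_WORKAROUND,
                                   "fw-b.conf": SAMPLE_UNCHANGED}))
```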
Hi.
Can someone with DTLS disabled confirm if VNC connections from iOS work?
We are having issues connecting VNC through the SSL tunnel.
We have observed that VNC works fine if we disable SAML and enable DTLS, but does not work with DTLS disabled. Using FortiClient EMS (workaround) with DTLS and SAML enabled, VNC does not work.
I'm trying to confirm if this is related to the discussed issue.
Hi @jhe
Your issue sounds different from this. If you are able to connect to SSLVPN but fail to access VNC after getting connected, the symptoms are different. I'd suggest that you create a support ticket for our team member to further assist you on this.
Kayzie Cheng
I can confirm VNC works; it's going to be something else.
