Hi
I have a issue I hope someone here can assist me with!
My customer uses FortiClientVPN on +40 Windows clients, using SSO/SAML to connect to a FortiGate 1500D through O365 Azure - and it works flawlessly. 1500D firmware is v6.4.7,build1911,210825 (GA).
The customer has a number of Apple iPads, where I have been trying to get the FortiClient VPN app to work. But when connecting the logon page to O365 is just blank, it never loads the webpage. The settings are exactly the same as the Windows clients. I have tried with iOS devices that run version 15.2.1 and 12.5.5. There result is also the same if I use a trial for the "FortiClient" paid app.
I thought maybe it's a browser issue, so I tried changing the default browser on the iOS devices to both Chrome and Firefox, but nothing changed. I'm not sure if the FortiVPN app even registers the change.
See the screenshot below showing what I mean with the "blank page".
Please advise - and thanks in advance! :)
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I think we figured it out, at least for our situation. This particular user was using the instructions given for the windows client. For the windows client, you can include the port in the HOST URL line, so something like: https://hostname.domain.com:8443 (we use a different port than the default). The windows client figures out that you're supplying the port and it knows what to do with it. The iOS client does NOT, so it wasn't working correctly. Once we stripped it off the URL and entered it into the PORT field it worked for us. I hope this helps.
I didn't notice this because I was trying to trouble-shoot over the phone. Once we could see it in person it all fell into place.
Hi Belshire
I see your point. But we use default port 443, the link we use is like this https://vpn.hosting.com:443/customername , because it's used for lots of customers.
I tried writing it without the port number in the host field anyway, but it didn't make a difference.
Thanks for the suggestion though.
Hey guys,
what FortiGate versions are you using?
First feedback from the developers is to try FortiOS 7.0.1 or higher, as that allows FortiClient iOS to utilize SafariView, which might help with the issue.
If you are not on FortiGate version 7.0.1 or higher, can you upgrade if possible?
If you are on that version or higher, can you let me know (and also let me know what FortiGate version you are on exactly)?
Many thanks!
Hi Debbie
Firmware is v6.4.7,build1911,210825 (GA) on a 1500D.
I'm afraid I don't have the right permissions to update it to 7.xx, and the people responsible says it probably will be +12 months before they do.
I have a different FortiGate 60E with fw version 7.0.5 though. I'm going to test with that one instead later, but it's going to take some time before I have the time and capacity to set it up and test. Will report back when I have tried it out.
Hey jespera,
thanks for letting me know, I look forward to hearing back from you :)
We are having the same issue as jespera. It looks like it only occurs if you use realms. We are on a 600D and have many users trying to use SAML via iOS unsuccessfully. We thought that the FortiClient 7.0.3 would fix this, but it does not. We also noticed in the 6.4.9 firmware that BUG ID 695386 should fix SAML login failure for users who belong to multiple groups associated with multiple VPN realms. However, we are still facing the same issue.
Unfortunately, we cannot upgrade our 600D to the 7.0.X firmware, so i'm not sure where that leaves us. Getting the FortiClient team to update the software for this fix has been frustrating.
Hi Jespera,
Any update for v7.0.6?
Thanks
Thanks
Kangming
Unfortunately, this still does not work with the 7.0.6 client. I still get a blank page. Oddly enough, when running the iPadOS version on an M1 MacBook it does work, just not on an iPad (or iPhone).
In any case, you always have to re-enter your credentials, suggesting that the safariview used is not remembering/storing anything.
Hi
We can't reproduce it in the lab. Can we submit a ticket for TAC to look at it remotely, or provide a remote test account?
Thank you.
Thanks
Kangming
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1698 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.