I am testing a Fortigate using RADIUS with Entrust's IDaaS service. Has
anyone else used this? I am having issues where when testing credentials
in the Fortigate it comes back "invalid response."
I have a Fortigate, a remote Microsoft NPS server with an Azure AD
extension. Azure AD MFA is enabled. The goal is to use my AD domain
credentials as an admin on my firewalls and use the same MFA as I use
for Microsoft 365. I followed the instructions...
In the environment, it is one company with many AD domains. There is a
business need to make sure that users in one domain cannot access
resources in another. The current SSLVPN setup is as follows: Fortigate
has an LDAP server defined for each doma...
Fortigate model is 1500D, running on 5.2.3 with the matching SSLVPN
client. Due to the nature of our environment, we have multiple AD
domains behind the firewall. Each "domain" has its own SSL VPN Portal,
where when connected users they get assigned ...
I tried specifying the Fortinet-Group-Name attribute earlier. With that
specified, I don't get prompted for the OTP, it fails with "access
denied -455" without even asking for the OTP.
I'll check the diag commands on Monday. That being said, logs on the FAC
show authentication via LDAP and the Fortitoken as successful. Logs on
the Fortigate show authentication as successful via the FAC. Just that
the now successfully authenticated...
Update on this. From the same network, I connected a Windows 7 and
Windows XP to the VPN. From the Windows 7 machine using either IE or
Firefox, I get packet loss. From the Windows XP machine using either IE
or Firefox I get no packet loss.