On the FortiGate under SSL-VPN Settings you need to specify an Address
Range. But you also need to do the same thing under SSL-VPN Portals
Source IP Pools. Presumably if you have multiple portals each one would
have their own IP pool. So why are you ...
I am testing out client based ssl-vpn using SAML Auth. When I debug saml
on the FortiGate I see that the group that comes back from SAML is correct
but I am getting added to the wrong portal. I have users group
configured as per
https://docs.fortinet.com...
We have decided to do a phased roll out of FortiClient VPN for our users.
The first phase (which we are in) is to let everyone do SSL VPN just
like they were doing on our old Cisco VPN. I have that working; however,
we found that one of our domain name...
I am getting lost with all the certs so can someone please help me.
While I have System SAML SSO logins working I noticed that one of the
certs involved I have no clue where it came from. So I am trying to
understand which cert is needed where. On th...
I need some help. I am trying to register my FortiClients using their
individual invitation codes to FortiClient EMS Cloud. In FortiClient EMS
Cloud I am using SAML to our ADFS host. I have provided the config the
CERT to the ADFS host. In the Relayin...
So for example I have reserved a /16 for all VPN users. That /16 is then
broken up into /24s for each VPN group. I should put the /16 into the
SSLVPN Settings global setting and then each portal put in the /24 I
want to assign to the users of that po...
So I do have this. The Users/Group I have is a group of type Firewall
that is connected to a remote server (the SAML server) with a list of
group names.... OH... Wait... I need one group of type firewall
connected to saml for EACH group name that wil...
It looks like the ssl-vpn multi-realms is for setting individual login
pages for different realms. I want to know what connects the group
attribute that SAML returns to the vpn portal. I am pretty sure I
deleted something or broke something and that's...
What seems to be working is to set up split-tunnel and split-tunnel-dns
in the portal. Then in the SSL-VPN Settings set DNS Server = Same as
client system DNS. What's weird with this setup is that if I do an
nslookup of an internal only FQDN host it fa...