Hello, We have been testing IPsec dialup connections using autoconnect
and Entra ID credentials and so far it has worked pretty well. One area
of concern is how to exclude situations where we may not want the auto
connect to kick off (IE, local admin...
Good Morning, Has anyone ran into issues when updating the firmware on
MCLAG switches that would cause the switches to disconnect? I'm
wondering if the MCLAG group of switches need to be updated to the same
firmware at the same time? Topology:FW1 & F...
Hello, We were able to find a solution to this that works quite well. 1.
Create a security posture tag in EMS to check if the current user is a
member of an AD group (IE, IPsec_Allow)2. Enable secure remote access on
the remote access profile3. Confi...
Might be worth checking out the following KB from Duo, i know we ran
into similar issues after updating FortiOS but i don't recall exactly
where the connection was failing for us.
https://help.duo.com/s/article/9012?language=en_US Side note, we
previ...
Good Morning, Thank you for the update. Please see my notes below - I'm
not sure that any of these suggestions will fully resolve the issue but
they do present opportunities for us to test and see if we can get it
working as desired. User Group Confi...
No limitations that i am aware of - if you are able to get it working
correctly when manually configuring the connection then EMS should be
able to do the same. I would review the configuration between the two,
something must be different. Double che...
I was battling a similar issue for a while (although we are using IPsec
vs. SSL) and it is my understanding that SAML using an external browser
requires FortiOS 7.6.1 per the below
link,https://docs.fortinet.com/document/fortigate/7.6.1/administratio...
