SSLVPN SAML is working in 6.4 with Google IDP config user saml edit
"Google" set entity-id "https://gateway.xxxxx.com/remote/saml/metadata"
set single-sign-on-url "https://gateway.xxxxx.com/remote/saml/login" set
single-logout-url "https://gateway.xx...
Really confused by FortiView. Seems as though it is intentionally
hindered in an effort to push FortiAnalyzer, which is annoying. Anyway
two questions and one complaint. 1.) Am I missing something or does
FortiView (sources for example) not support t...
We use LDAP (firewall) authentication for non AD devices with a captive
portal. Under "User and Device" -> "Authentication" -> "Settings" we
have "Authentication Timeout" set to 120. According to the user guide
and help this is in mins. We have sever...
It appears the traffic detail section for the highest X users is no
longer in the default report. Does anyone know how to get it back. I
looked in customize report, but can't seem to find that as an option.
See attached image for the report from 5.0
It works! So you must use group matching. The beautiful part is you can
create a custom schema in Google just for Fortinet portals and pull that
through the SAML attribute. Make sure your config user saml is the same
as your attribute in Google so.. ...
Seems to be no easy way to separate groups though. Fortigate treats
every SAML user as the same group, so you cannot assign different SSL
portals or policy! At least this is what I've found so far.
SSLVPN SAML is working in 6.4 with Google. config user saml edit
"Google" set entity-id "https://gateway.xxxxx.com/remote/saml/metadata"
set single-sign-on-url "https://gateway.xxxxx.com/remote/saml/login" set
single-logout-url "https://gateway.xxxxx...
my guess would be websockets. Many modern UI's that are graphics
intensive are moving to using web sockets. These are not being proxied
and therefore failing. see similar post
https://forum.fortinet.com/tm.aspx?tree=true&m=178442&mpage=1
This is because Fortigate does not support web socket proxy. The web
sockets attempt to connect directly which of course does not work when
someone is connected via VPN. I am trying to get a feature request for
this going as many newer apps use web s...
