Hi all, we want to switch our FortiClient dial-up connections from IKEv1
to IKEv2, but we are having problems with this. I have created a new
IKEv2 Test-VPN on the Fortigate and a test user that is authenticated
via RADIUS. Everything in the setup wo...
Hi all,since a few months we use 2-factor authentication with FortiToken
(Mobile and Hardware) for some Firewall-Policys, which works like a
charm. Now we decided, to use the same authentication for a dialup IPSec
VPN on the same Fortigate. Basically...
Hi all,we have enabled deep SSL-Inspection on FG100D Cluster. Everything
works fine by now, except full validation of certificates presented by
the remoteserver. For example, all self-signed certificates on
remote-servers are accepted by Fortigate, b...
Unfortunately, I now have another problem: IKEv2 connection only works
if the user does not have 2-factor authentication enabled (via
FortiToken). Does anyone know if this is possible with a later FortiOS
version? I have seen hints that this is only ...
Hi Ken,thanks for your reply, test with local user was a good idea! It
worked right away. So I took another look at the NPS and found, that
only PEAP was enabled there, not EAP-MSCHAP-v2. After I turned it on, it
now works. Thanks a lot for your hint...
Jeff_FTNT wrote:FGT GUI can import ca certificate bundle file. That was
the decisive tipp for me! I exported a full CA-list from Firefox, merged
all .crt files in one big crt and imported this crt in Fortigate - done.
I know, that I have to manage th...
Jeff_FTNT wrote:Yes, you can import CA from GUI:Certificates->CA
Certificates, thanks. Thank you. I know this option in the GUI, but how
I can import multiple CAs in one step? For example, when I take a look
in Firefox CA-Certs, I can see about 290 t...
