Hi All, Managed to get outbound firewall authentication using Entra ID
as SAML IdP to work. My issue is this. I do not want to stay installing
the Fortigate CA SSL cert on each endpoint that needs internet access,
as instructed in the Fortigate's how...
to add that to make this work you need to force the FGT to effectively
make use of a FQDN for the authentication portal:
config firewall auth-portal
    set portal-addr "my.fqdn.com"
"my.fqdn.com" being obviously the domain used for the digital cert. I have now...
So, after some tinkering I thought to myself, if it wants to use the
internal interface IP address, why not make it happy? So what I did was
to enable the local DNS server on the FGT itself and create a zone with
the same domain name as the ones used ...
Hello Anthony, SAML configuration on the FortiGate is pointing to FQDN
which resolves to the Public IP address (WAN1) on the FGT itself. I'm
using FortiOS ver 7.4.5, on a FGT 60e, so SSLVPN settings is not
available for me. Under User & Authenticatio...