Hello, in the proccess of troubleshooting my Entra SAML DialUp IPsec
tunnel I noticed something weird. While SAML auth via TCP 9443 worked
fine, the handover to the IKE negotiation didn't work. There were no
packets being received by FortiGate referr...
Hi,we use SSL-VPN with FortiClient via Entra ID SAML. We have 3 Entra
groups for accessing SSL-VPN. The IP range for all clients on SSL-VPN is
192.168.15.1 - 192.168.15.254. Strangely, when a clients gets the
assigned the IP 192.168.15.1, FortiClient...
Hi,we have two /29 IP blocks from our ISP. IPs from the first block are
used for SNAT and a few VIPs. There are two default routes, one for each
gateway because both subnets have different gateways. We didn't want
ECMP, so we increased the distance f...
Hi,please refer to the screenshots - why is the FortiGate blocking legit
HTTPS and HTTP traffic? The policy and the corresponding SDWAN rule
should alllow everything. It just doesn't make any sense and the
provided article is not helpful at
all.https...
Hi,we have a VLAN on a 40F that is being provided through some 3rd party
access points. We enabled the disclaimer portal for that VLAN for guest
access. We don't want them to type in an E-Mail or provide guest
accounts.The disclaimer portal works wel...
Hello, turns out FortiClient was just doing FortiClient things again and
I had to rebuild the IPsec profile several times (with the same
parameters). Now it's working.
Yes, these users are in the same Entra Group. Maybe this makes it
clearer:Client A, Entra Group 3, 192.168.15.1 > Doesn't workClient B,
Entra Group 3, 192.168.15.1 > WorksClient C, Entra Group 2, 192.168.15.1
> WorksClient A, Entra Group 1, 192.168.1...
