Hello, we need to switch from Dual Stack SSL VPN to v4 only, since we
need SNAT4 on some policies for traffic originating from SSL-VPN. Is it
safe to "set dual-stack-mode disable" or will this remove / invalidate
all existing policies? The current po...
Hello, in the proccess of troubleshooting my Entra SAML DialUp IPsec
tunnel I noticed something weird. While SAML auth via TCP 9443 worked
fine, the handover to the IKE negotiation didn't work. There were no
packets being received by FortiGate referr...
Hi,we use SSL-VPN with FortiClient via Entra ID SAML. We have 3 Entra
groups for accessing SSL-VPN. The IP range for all clients on SSL-VPN is
192.168.15.1 - 192.168.15.254. Strangely, when a clients gets the
assigned the IP 192.168.15.1, FortiClient...
Hi,we have two /29 IP blocks from our ISP. IPs from the first block are
used for SNAT and a few VIPs. There are two default routes, one for each
gateway because both subnets have different gateways. We didn't want
ECMP, so we increased the distance f...
Hi,please refer to the screenshots - why is the FortiGate blocking legit
HTTPS and HTTP traffic? The policy and the corresponding SDWAN rule
should alllow everything. It just doesn't make any sense and the
provided article is not helpful at
all.https...
Hello, turns out FortiClient was just doing FortiClient things again and
I had to rebuild the IPsec profile several times (with the same
parameters). Now it's working.
Yes, these users are in the same Entra Group. Maybe this makes it
clearer:Client A, Entra Group 3, 192.168.15.1 > Doesn't workClient B,
Entra Group 3, 192.168.15.1 > WorksClient C, Entra Group 2, 192.168.15.1
> WorksClient A, Entra Group 1, 192.168.1...
