Hi all. I'm hoping someone will be able to advise me on a workaround,
or an alternative solution, to avoid the following limitations with
Microsoft NPS Extension for Azure MFA (without having to implement a
completely different solution!):

I have a policy-based VPN between a Fortigate-300A and a Cisco ASA. All
config relating to the VPN matches at both ends and the VPN works with
no apparent issues apart from the following: When a host behind the
Cisco end of the VPN attempts TCP commu...

Hi JarradW. I had the same issue when trying to use the downloaded
Deployment Package to update our customer FortiClient estate from 6.2.7
to 6.4.5 directly, or via Microsoft Intune (customer's setup). I got
around it by using Deployment & Installers ...

Hi Edward. Do you have an Application Control Security Profile enabled
on the firewall rules for the access you require? I believe this is a
requirement if you want to use an SD-WAN rule based on application.

Hi David. It looks like you will need an additional Phase 2 configuring
on the Branch FortiGate, to allow 10.0.151.0/24 (local) to have a tunnel
to 192.168.100.0/24 (remote), with the opposite configured on the HQ

Ah, okay. I've just checked and my test FortiGate is doing deep
inspection, rather than certificate inspection. Maybe that's why I've
not seen an issue. I'll change to certificate inspection and test again.

Hi Mike. I had the issue with certain web site access in 6.2.5 using
proxy mode. I switched to flow mode and then had the certificate issues.
Refreshing the browser page brought up the site no problem without
having to accept an untrusted certificate...