Fortinet Community

bpozdena_FTNT · 09-29-2021

DescriptionFSSO collector agent by default tries to detect workstation IP address changes by resolving the workstation host names via DNS. The interval in which the IP address verification occurs is configured by the 'IP address change verify interva...

bpozdena_FTNT · 05-27-2021

DescriptionWhen configuring FSSO, administrators have the ability to specify which user groups will be monitored by FSSO. The Group Filter can be defined either locally on FortiGate or directly on FSSO Collector Agent. While in general the group filt...

bpozdena_FTNT · 04-12-2021

DescriptionSince the release of FortiOS 6.2, the FortiOS proxy daemon (WAD) will strip domain names from usernames when domain is specified with backslash (DOMAIN\username). This behavior allows matching of locally defined users before contacting rem...

bpozdena_FTNT · 05-15-2020

DescriptionThis article describes how to configure SSL VPN OS check for Windows 10 clients with specific Windows build number.Solution# config vpn ssl web portal edit set os-check enable set skip-check-for-unsupported-os # config os-check-list { ma...

bpozdena_FTNT · 05-08-2020

DescriptionThis article describes how to move FortiToken Mobile between VDOMs.Solution1) Ensure the FortiToken mobile to move is not assigned to any user.2) Note down the Serial Number of the FortiToken to move to different VDOM. 3 )Delete the token ...

bpozdena_FTNT · 05-16-2022

You always have to define the individual LDAP/RADIUS users when you want to enforce 2FA on Fortigate. Bellow is an example of email authentication enabled for LDAP user. config user local edit "test_user" set type ldap set two-factor email set email-...

bpozdena_FTNT · 05-13-2022

Hi Shaabash, Without seeing the route tables and OSPF database, I can only guess that this is due to type 2 external route being used by default. You can try to redistribute the connected routes as type 1, so that the internal metric is accumulated a...

bpozdena_FTNT · 05-13-2022

The Common Name Identifier should be just "cn" , "uid" or whichever attribute you want to be searching for. Example: config user ldap edit ldap-server set cnid cn next end There could be other misconfigurations, but you may have masked them with the ...

bpozdena_FTNT · 05-12-2022

Hi Michael, based on how the issue is described, it sounds more like wifi related problem. You should probably ensure that there is no packet loss between the clients and Fortigate - SSL VPN is very sensitive to it. You can simply test by pinging the...

bpozdena_FTNT · 05-11-2022

Hi David, you only need to install the FAC Windows Agent to workstations/servers where you want to enforce 2FA authentication. The token authentication can be enabled/disabled per-domain bases. You can however exempt individual users/groups from 2FA....

Fortinet Community

User Statistics

User Activity

Technical Tip: Optimization of FSSO workstation IP address verification

Technical Tip: FSSO Group Filter configured on Collector Agent

Technical Tip: Domain name stripping behavior for proxy authentication

Technical Tip: How to configure FortiClient SSL VPN check for Windows version and build

Technical Tip: Moving FortiToken Mobile between VDOMs

Re: MFA VPN SSL - FGT - LDAP or RADIUS by email

Re: Fortigate OSPF Metric

Re: openLDAP Server Integration with FortiGate 40F

Re: LINUX WIFI/Hotspot Connection Issue - SSL-VPN

Re: FortiAuthenticator for privileged user MFA

Re: Upload a logo image via CLI

Re: Automation -> CLI Script: Use date as Part of ...

Re: openLDAP Server Integration with FortiGate 40F

Re: FortiAuthenticator for privileged user MFA

Re: High Memory Fortigate 100F version 7.0.5

Re: Upload a logo image via CLI

Re: Change LACP settings on existing link

Re: Backup command works in CLI, but not when star...

Re: Looking for New RSS feed

Re: How to show ip address on spoke tuunel when hu...

News & Articles

Security Research

Company

Contact Us