As FortiSASE currently lacks an official public API, I thought I'd share
a little bash-script I just wrote that uses cURL to log in to FortiSASE
via SAML/SSO and can then access the backend REST(ish)-API used by the
FortiSASE portal natively. I needed...
I'm trying to get certificate-based authentication with TPM-enrolled
certs working with FortiClient on Windows 10. Fortigate-VM
7.2.2, FortiClient ZTNA 7.0.7 on Windows 10. I have everything working with
a software enrolled certificate on a test client,...
I'm trying to get FortiClient to re-connect without re-authenticating
after short network outages as described in this article:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-SSL-VPN-to-allow-tunnel-reconnection/ta-p/220498
I'v...
Scenario: Classic "Hub and Spoke" design with a Fortigate at HQ
terminating DialUp IPsec VPNs from Fortigates at branch offices. All user
traffic at the branch offices should be routed through the VPN tunnel to
HQ. Problem: With a static IP on the WAN i...
Problem solved! It was caused by old broken TPM firmware that didn't
support RSA-PSS, so no CertificateVerify message was sent to the
Fortigate. Disabling RSA-PSS in the registry according to the following
article resolved the issue, forcing it to use P...
Further testing shows that Software-based CNG-keys created using the
Microsoft Software Key Storage Provider work, but I'm unable to use TPM
created keys using the Microsoft Platform Crypto Provider. For testing
I've created two self-signed certs li...
Just thought I'd share an update: Fortinet TAC has confirmed this is a
bug in FortiClient 7.0.x for Windows. I've received a 7.0.7-Interim
version which fixes the problem that will also be included in 7.0.8 GA
when released. On MacOS, 7.0.x doesn't e...
I've further investigated this issue during the weekend and have
concluded: FortiClient 6.4.9 on Windows can successfully use the
tunnel-connect-without-reauth to re-establish the session. The relevant
part of the re-connect shows the following debug...