Technical Tip: SSL/TLS and the use of Digital Cert...

Markus_M · 01-06-2026

Description This article describes the technical process of FortiToken activation, FortiToken Mobile and FortiToken Hardware. Scope FortiAuthenticator, FortiGate, FortiPAM, FortiProxy. Solution This article is focuses on FortiAuthenticator for centra...

Markus_M · 01-05-2026

Description In environments that integrate two-factor authentication it is important to understand the message flow. If troubleshooting is required, it is important to understand what messages may be problematic or missing, in order to troubleshoot a...

Markus_M · 09-10-2025

Description This article describes FTP communication through FortiProxy and the required Syntax with CURL. Scope FortiProxy may also be applicable for FortiGate to some extent. Solution CURL is a versatile command-line program available for Linux and...

Markus_M · 07-07-2025

Description This article describes general troubleshooting and considerations when deploying the FortiAuthenticator to handle FSSO operation in high-performance environments. Scope FortiAuthenticator is used as an FSSO Collector. Solution Table of co...

Markus_M · 11-04-2024

Description This article describes an example use case for certmonger and the FortiAuthenticator as SCEP server. Note that certmonger is a third party tool and not endorsed by Fortinet. Its documentation can be found here:https://www.freeipa.org/page...

Markus_M · 01-06-2026

more detail will be needed. It sounds like the notification doesn't arrive at the end users phone. On the FortiAuthenticator https://fac-ip/debug, enable the RADIUS debug and reproduce the issue. There will be something about a "session_id" when the ...

Markus_M · 12-19-2025

It will help to say how your FSSO setup is done. FSSO works by reading a logon event with the user information from the DC. This will be collected and then sent to the firewall. Typically, the collecting is done with a Collector Agent. It is also pos...

Markus_M · 12-19-2025

Hey, the "gw validation failed" is quite generic and often not really helpful.Check the configuration on the "config vpn ipsec phase1-interface" which should have a peer user referenced either directly or on a firewall policy that uses the tunnel. EA...

Markus_M · 12-01-2025

rootCA - no chance. FortiAuthenticator can send it, if all intermediates and root CA are already imported.The client though won't care though - the rootCA is required to be on the client already. Importing the certificate is of course not the solutio...

Markus_M · 11-25-2025

Hey, on this here: "Verify return code: 20 (unable to get local issuer certificate)" means basically that the FortiAuthenticator sends a certificate that the client (OpenSSL) is unable to verify the chain for. It may or may not have a root CA, but th...

User Statistics

User Activity

Technical Tip: Understanding the FortiToken provisioning process

Technical Tip: Workflow of authentication and RADIUS messages when FortiAuthenticator is used to insert 2FA.

Technical Tip: Explicit FTP proxy communication with CURL through FortiProxy

Technical Tip: FSSO performance optimization for FortiAuthenticator as collector

Technical Tip: Example of use of certmonger and FortiAuthenticator as SCEP server.

Re: Not getting the token

Re: Using sAMAccountName in Firewall Policies via Remote LDAP User Definitions with FSSO

Re: Strongswan (swanctl) ipsec ikev2 tunnel authentication by smartcard and EAP

Re: Apple Devices with Captive Portal

Re: Apple Devices with Captive Portal

Technical Tip: SSL/TLS and the use of Digital Cert...

Technical Tip: Best practices on hardening FortiAu...

Technical Tip: Configuring DPD (dead peer detectio...

Technical Tip: FSSO performance optimization for F...

Technical Tip: DHCP address leases on a FortiGate

Re: 802.1X Wireless Machine Certificate based RADI...

Re: LDAP cert Configuration error

Re: UNABLE TO ACCESS MY GATEWAY VIA WEB GUI OR SSH

Re: FortiAuthenticator Guest Captive Portal Cannot...

Re: Detailed Specifications of 　File System Check ...

KCS

User Statistics

User Activity

You are leaving our website