Since SSLVPN will be discontinue on 7.6, herewith ...

LVHan · 10-10-2025

I really run out of idea on user grouping based on Azure Entra ID object ID.I Follow the administration guide to prepare SSL VPN migrate to IPSec VPN with SAMLhttps://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/951346/saml-based-a...

LVHan · 07-31-2025

ince FortiOS going to obsolete SSLVPN from 7.6 onward,InformationDitch away the idea user group, it unable support user grouping like SSL VPN did.FSSO is a must for user grouping except local database, but FSSO has some restrictionFSSO deploy with DC...

LVHan · 07-04-2025

Current running on VM and no hardware disk present but I wish to use current DIsk System as log diagnose hardware deviceinfo diskDisk SYSTEM(boot) 40.0GiB type: IDE [Virtio Disk] dev: /dev/vdapartition 231.0MiB, 93.0MiB free mounted: Y label: dev: /d...

LVHan · 12-09-2024

I did follow the tech doc as belowhttps://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-configure-a-VIP-using-a-loopback-interface/ta-p/194521but when debug flow, i receive reverse path check fail, drop error when after the DNAT success F...

LVHan · 03-15-2023

Tried 3 common browser to access forticonvertor document but response with error code 500 https://docs.fortinet.com/product/forticonverter Appreciate fix it

LVHan · 10-12-2025

Both are use Azure SAML and no issue on authentication. SSLVPNIPSECUser Grouping firewall able match username with the configured user group (contain Entra object ID) with the SAML responsed Entra Object ID the SAML return the Entra Object ID but fir...

LVHan · 10-12-2025

i) either set group-name "group" , if you configured this and use thisYes had ensure that, SAML is working authentication is working, SAML response with correct Entra Object ID too. ii) either set group-name "http://schemas.microsoft.com/ws/2008/06/i...

LVHan · 10-10-2025

It seem not require license but the document enable TCP IKE is very confusing, if the user follow the guide other VPN tunnel connection should be down as this is a global commandconfig system settings set ike-port 5000 set ike-tcp-port 5500 endhttps:...

LVHan · 08-24-2025

Yes for small scale client, but no for large scale enterprise.7.4 end of engineering at May 2026, not much time left for 7.6 improvement.

LVHan · 12-13-2024

myself declare bug AWS FG, i retain the bug ipsec profile and create a new one.the route appear in kernel https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/426761/site-to-site-vpn-with-overlapping-subnetsI tried this approach th...

User Statistics

User Activity

How to user grouping on Forticlient IPSec VPN with Azure Entra ID