Is it possible to retrieve metadata on scheduled cli or tcl script.i
create meta variable $(ip)I tried on script cli variable $(ip) "$(ip)"
'$(ip)' $ip
I really run out of idea on user grouping based on Azure Entra ID object
ID.I Follow the administration guide to prepare SSL VPN migrate to IPSec
VPN with
SAMLhttps://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/951346/saml-based-a...
ince FortiOS going to obsolete SSLVPN from 7.6 onward,InformationDitch
away the idea user group, it unable support user grouping like SSL VPN
did.FSSO is a must for user grouping except local database, but FSSO has
some restrictionFSSO deploy with DC...
Current running on VM and no hardware disk present but I wish to use
current DIsk System as log diagnose hardware deviceinfo diskDisk
SYSTEM(boot) 40.0GiB type: IDE [Virtio Disk] dev: /dev/vdapartition
231.0MiB, 93.0MiB free mounted: Y label: dev: /d...
I did follow the tech doc as
belowhttps://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-configure-a-VIP-using-a-loopback-interface/ta-p/194521but
when debug flow, i receive reverse path check fail, drop error when
after the DNAT success F...
Btw your mention about MFA, if any SAML configure please look into this
document too
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SAML-Authentication-fails-after-firmware/ta-p/407859
https://docs.fortinet.com/document/fortigate/7.6.5/fortios-release-notes/517622/changes-in-cli7.6.5
had upgrade the Default DH group perhaps u look into your phase 1 and
phase 2 IPSec setting and your FortiClient configuration match it back
should be...
I know what happenCLI script metadata variable can be retrieve by
running on local database , if running on remote CLI FortiManager itself
wont retrieve the metadata variable
-.- today by remove the authgroup and define firewall policy with Entra
ID user group and it workconfig vpn ipsec phase1-interface edit
"FCT_SAML" set eap enable set eap-identity send-request next end
