Hi All! We have a significant number of InTune joined devices that
authenticate against Azure Active Directory (AAD). We need to work out a
way of authenticating to these clients to the Fortigate. We have
connected the FG to AAD for the VPN with grou...
Hi everyone. What I want to do is access some resources across the IPSEC
vpn terminated on the fortigate via the SSL Portal on that same
fortigate. I can't ping the resources from that fortigate and I think
it's to do with the originating address and...
Hi there, Got an oddity. 7.0.0 works fine, but when I install 7.0.1 or
7.0.2 (VPN client) it connects and seems to be working. There is even
traffic passing the rules on the FG. But the remote client fails. Roll
back to 7.0.0 and it's fine. Any ideas...
We are going to be joining a lot of our devices to InTune. I wonder
whether anyone has any hints on getting details of the logged in user
from these devices to be used by the Fortigate. Particularly in a
'shared device scenario' - we have cabinets fu...
Hi there, Am I imagining it or can RSSO be a little intermittent? I'm in
a very busy site but a small proportion of my users are not showing with
RSSO group filled. No particular reason so far as I can see. It's
picking up the usernames but not the g...
Hi Debbie, So is there an ability to set a self-originating traffic
address for the SSL VPN Portal?Like I mentioned, I used to use an IP
Pool on the traffic rule and it seemed to work - but now it
No problem Debbie I have a strong feeling that this is to do with
self-originating traffic and IPSEC interface IP addresses and will try
and pursue that :) This is a capture of a ping from the firewall across
the VPN: You can see the IP address is pa...
Thanks Debbie,I have a normal policy which had a NAT Pool of addresses
within the production network which is within one of the P2 selectors
(10.x.x.x/8) Incoming: ssl.rootOutgoing: CrawleyIPSECSource:
allDestination: The hostsNAT: onPool: Use Dynami...
I've now noticed it on other Portals. It's where the SSL portal traffic
is directed through an IPSEC VPN also terminated on the same box. There
is an IP Pool on the rule (on the same interface IP range as the
production network) which managed to get ...