Technical Tip: SSL VPN Monitor shows web connectio...

Rajneesh · 12-20-2024

Description This article describes how to handle an issue where the user is trying to authenticate with the IDP portal with the correct credentials, but the IDP prompts with a message. Scope FortiGate and FortiAuthenticator. Solution From the attac...

Rajneesh · 12-20-2024

Description This article describes the issue where the user is getting the following error when trying to authenticate for SSL VPN using SAML. Scope FortiGate. Solution From the attached image it can be noted that, when the user is trying to connect ...

Rajneesh · 12-19-2024

Description This article describes the issue where user is unable to call multiple SAML groups belonging to multiple IDPs. Scope FortiGate. Solution From the attached image it can be noted that when another SAML group is being used in the firewall po...

Rajneesh · 07-23-2024

Description This article describes why there is a web connection for an SSL VPN user even though only tunnel mode is allowed. Scope FortiGate. Solution The SSL VPN monitor shows users with active web connections even though the SSL VPN portal only al...

Rajneesh · 07-11-2024

Hello @alexpendello , You can disable the SSL VPN web-mode globally, and it will prevent the SSL page to load. Sharing the KB article : https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-SSL-VPN-web-mode-globally/ta-p/272406

Rajneesh · 02-28-2024

Hello @martyyy If the tunnel is up then, One way we can isolate this issue by taking sniffer for the icmp packet on the FortiGate and you can match if the number of the packets send by the peer is received same on the FortiGate or not.

Rajneesh · 02-28-2024

Hello @AhmadYousef To create the IPSEC tunnel all matters is the reachability of the peer as mentioned by the @Toshi_Esumi . Also you mentioned that your Local FortiGate is behind the WAN router so make sure that the IPsec VPN Nat traversal is enable...

Rajneesh · 02-28-2024

Hello @surender This generally happens when the traffic response is not coming from the destination, so the receive bytes counter does not increases. You can do the following to troubleshoot : Take two CLI session and run the following sniffer and de...

Rajneesh · 02-26-2024

Hello @sumit007ac You can refer this KB : https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-check-SFP-transceiver-module-serial-number/ta-p/194318?externalID=FD38931You can take the CLI access of the secondary FortiGate and run the co...

User Statistics

User Activity

Troubleshooting Tip: SAML authentication is failing but the username and password are correct

Troubleshooting Tip: Redirection to the SAML IDP is not working and getting the error 'the response from; https://<IP>:<Port> was invalid

Troubleshooting Tip: Getting the error 'SAML user number is more than one and -651: Input value is invalid' when trying to add multiple SAML groups in the firewall policy

Technical Tip: SSL VPN Monitor shows web connection for users mapped to tunnel mode only portal.

Re: Curious about Web Portal for SSLVPN

Re: Policy Base and Route Base VPNs

Re: FortiGate IPsec on MPLS links

Re: v7.4.3 build2573 (Feature) in this version VPN Showing 0 bytes received.

Re: How to check the SFP status on Secondary Firewall

Technical Tip: SSL VPN Monitor shows web connectio...

Re: How to check the SFP status on Secondary Firew...

Re: Curious about Web Portal for SSLVPN

Re: Policy Base and Route Base VPNs

Re: FortiGate IPsec on MPLS links

Re: Fortigate HA over two internal switches (two c...

Re: whitelist specific user IP address from block ...

Re: Extract a list of web filters categories from ...

KCS