I have 3 vpn connections:
1. Azure - mainsite FG (ipsec)
2. branchsite FG - mainsite FG (ipsec)
3. clients - mainsite FG (ssl-vpn)
With the new ike-port option it should be possible to move to ip-sec
over port 443.
config system settings
set ike-port 443
en...

We are running a Fortigate 60F 7.2.5., configured with SSL VPN using
Azure SAML for MFA. Whenever our users try to connect (Forticlient
7.0.7.), the Azure browser login request is shown twice. The user then
has to gamble which one is the correct one. ...

Haha. Not putting blame anywhere, just want a working solution. Can
anyone else test if TCP and UDP IPSec tunnels can co-exist? For
reference:
https://infosecmonkey.com/tcp-encpsulation-of-esp-packets-for-vpn-tunnels/

Correct. I think Azure only supports the default UDP IPSec ports, there
is no way of changing them. This would also apply to other non-Fortinet
devices. I can alter the phase1-interface to 'set transport udp' but
this doesn't seem to work. Haven't ext...

The problem is not multiple tunnels co-existing on the same port. The
problem is certain devices and services (Azure) not supporting IPSec
TCP. This puts me in the situation where Fortinet is removing and thus
wants me to move away from SSL-VPN, but ...

Hi Dixit, thanks for your reply. Is this on the roadmap? Or are there
talks with vendors like Microsoft to support TCP IPsec? I can't imagine
being the only one facing this problem.