Re: Migrating from IKEv1 to v2 - Can both run simu...

hpenmetsa · 09-25-2025

Description This article describes the troubleshooting steps when connecting to an IPsec VPN with SAML-based authentication from FortiClient, where FortiClient is stuck in a connecting state even after entering valid credentials. Scope FortiGate. Sol...

hpenmetsa · 07-29-2025

Description This article describes that renaming synchronized objects on the Fabric root FortiGate will create duplicate objects on downstream FortiGates if they are referenced in downstream configurations in the Security Fabric setup. Scope FortiGat...

hpenmetsa · 05-27-2025

Description This article describes how to assign a native VLAN if the VLAN is on a different VDOM. Scope FortiGate. Solution In the following example, on the managed FortiSwitch config, when attempting to assign VLAN 128 as a native VLAN, it does not...

hpenmetsa · 03-20-2025

Description This article describes that when Firewall policies are in a flow-based inspection, the FortiGuard block page does not display. Scope FortiGate, FortiOS v7.0.x version. Solution The FortiGate devices running on FortiOS v7.0.x, are configur...

hpenmetsa · 01-06-2025

Description This article describes how to add the existing address objects on the address group when manually created or created by IPsec VPN Wizard. Scope FortiGate. Solution When trying to add address object to the address group the address object ...

hpenmetsa · 10-05-2025

HiAre you using IPSEC VPN with split tunnel or full tunnel? Could you please share the IPsec configuration and corresponding firewall policies? config vpn ipsec phase1-interface edit sh

hpenmetsa · 10-05-2025

Hi @suryana From FortiOS v7.4.9, FortiGate verifies the signature of the SAML Response message. Please check the document below and follow the steps as mentioned.https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SAML-Authentication-fail...

hpenmetsa · 09-29-2025

Hi, The `add-route` option is primarily used for dynamic (dial-up) VPN connections. It is designed to automatically add routes to the FortiGate routing information base when the dynamic tunnel is negotiated. While it is mainly associated with dial-up...

hpenmetsa · 09-29-2025

Hi @Toshi_Esumi Yes, when the user tries to connect to a dial-up2 (IKEv2) from the FortiClient, the user can only connect to a dial-up2 (IKEv2) not to dial-up1 (IKEv1), because the config of both tunnels is different.Thanks

hpenmetsa · 09-24-2025

HiYou can configure a new Dialup VPN with IKE V2 on the same interface; it won't cause any issues. Also, you don't need to make any changes to the IKE v1 tunnel. Please check the following document to configure IKEV2https://community.fortinet.com/t5/...

User Statistics

User Activity

Troubleshooting Tip: FortiClient gets stuck on connecting while establishing an IPsec VPN SAML-based authentication

Troubleshooting Tip: Renaming synchronized objects in the Security Fabric setup, will cause duplicate objects if referenced on downstream devices

Troubleshooting Tip: Unable to assign a native VLAN if the VLAN is on a different VDOM

Technical Tip: FortiGuard block page does not display when Firewall policies in a flow-based inspection mode

Technical Tip: Unable to add the addresses objects on the address group.

Re: Internet connection lost during VPN IPsec connecting by FortiClient

Re: The SSL VPN using Microsoft MFA is stuck at 40% after upgrading to firmware version 7.4.9

Re: VPN site to site route