Hello everyone,we are currently running a FortiGate on firmware 7.6.4
with an IPsec dialup VPN using SAML authentication over IPv4. This setup
works without any issues.However, more and more of our users are
receiving IPv6-only connections from their...
Hello all, I am currently setting up 802.x1 EAP-TLS authentication on an
external cloud radius server on my FortiSwitch 448E-POE (Fortilink) and
am experiencing a minor issue.Basically, I wanted to do this via TLS TCP
(RadSec).I noticed that the Fort...
Hello all, I have a problem where my two 448E switches are displayed as
“online” under Managed Forti Switches. I can also access the port
configuration and change it. So I guess the NTP is not the issue. NTP is
also activated for the fortilink interf...
Hi everyone,I'm currently working with the following setup:We have a
FortiGate 100FPort X1 on the FortiGate connects via 10G to a stack of 2x
Cisco CBS350X (on the Ground Floor).From there, there's an uplink via
10G to another stack of 2x Cisco CBS35...
Hello all, We use IPsec Dialup VPN with SAML via EntraID. When I try to
connect via IPsec VPN inside same network in which the Fortigate is
located, I get the error "ERR_EMPTY_RESPONSE" when calling SAMLIs this
an expected behavior? If not, what coul...
@Jean-Philippe_P Thank you for your feedback.The reason I am considering
enabling dual stack on the IPsec dialup VPN is because we have several
employees who can connect to the VPN from their home office, but they
cannot access any applications locat...
@AEK Thank you for your reply.About LACP thats clear for me so far.If I
now connect the new pair of 448Es to the current pair of 448Es, will
this automatically configure itself as LACP (802.3ad), as from the first
pair of 448Es to the FortiLink inter...
@AEK If I now use the same configuration as described above, does this
mean that I also set up an MC LAG between both 448Es and set up a
connection to the above-mentioned 448E in each case?In other words448E
#1 -> 448E #1448E #2 -> 448E #2Is this con...
Okay, I was able to resolve it.The correct interface is not
“_default.fortilink (_default)” but “fortilink”This was not visible in
the GUI, so I had to adjust the policy via CLI.
Hello @Markus_M We cannot use RADSEC (TLS TCP) since for my
understanding the FortiSwitch 7.6.2 not support Radius TLS via TCP yet.
Is this correct?Further I do not understand why there is no policy which
allows the traffic, since I created one polic...
