Description This article explains how FortiGate parses a successful
RADIUS authentication response (Access-Accept) to learn group membership
information for the authenticated user. Scope FortiGate,
FortiAuthenticator. Solution Introduction: FortiGate...
Description This article describes use cases for the node-specific
gateway setting in FortiAuthenticator, caveats, and alternative
solutions. Scope FortiAuthenticator. Solution Introduction.
FortiAuthenticator active-passive clusters are usually depl...
Description This article explains SAML authentication basics in an
easily understood manner. Scope FortiGate, FortiProxy,
FortiAuthenticator. Solution SAML (Security Assertion Markup Language)
is an XML-based standard, developed to exchange authentic...
Description This article explains how FortiProxy handles authentication
and policy matching when case-sensitivity is disabled. Scope FortiProxy.
Solution FortiProxy provides a global case-sensitivity setting (which
FortiGate currently does not): conf...
Description This article describes how to determine if there are issues
with RADIUS authentication, specifically MS-CHAPv2, due to running
firmware version 6.6.x, and provides a few resolution methods. Scope
FortiAuthenticator v6.6.0-6.6.2. Solution ...
Hey Willem, it looks like your FortiManager is trying to install an
empty entry in the mac filter list for some reason? Can you double-check
the mac filter list for the "WK-Guest" entry, and check if an entry '1'
exists? If yes, and it is not needed,...
It will solve some issues, but not many. Essentially: - New logins can
be received from DC agent and will maybe be fine -> Collector Agent will
have to do DNS lookups for workstations -> if Collector agent is not in
the domain, it must be manually po...
Is that URL the IPSec VPN gateway, or the SAML IdP? If the IPSec VPN
gateway, please ensure that it is reachable from where your FortiClient
is, that IKE traffic is allowed, etc. If that URL is the SAML IdP,
please ensure that it is reachable from wh...
Hey Magdalena, you have to make sure that the FortiClient can reach
FortiAuthenticator WITHOUT a VPN; you have to make it publicly
available. SAML works by FortiClient connecting to FortiGate, and
FortiGate saying 'no, connect to FortiAuthenticator a...
Hey Alexandre, the error "attribute 'interface' must be set" sounds like
a CLI error, to be honest. Can you do the following in your FortiGate
CLI: #config log fortianalyzer#show full There may be some CLI settings
related to interface (such as selec...
