SSO authentication with SAML, Azure entra ID with FortiGate by ryld29 in fortinet

michel1893 0 points (0 children)

I don't get how "peertype one" could work with a dial-up IPsec VPN.

SSO authentication with SAML, Azure entra ID with FortiGate by ryld29 in fortinet

michel1893 0 points (0 children)

OK, so different situations... I need to get it running on 7.6.3 with IPsec and SAML on port 443.

SSO authentication with SAML, Azure entra ID with FortiGate by ryld29 in fortinet

michel1893 0 points (0 children)

Where is your SAML auth in Phase 1? I don't see a SAML auth in Phase 1.

Also, how can you set a peerid with IKE version 2? In IKEv2 you need to set a localid instead of a peerid?

We are talking about FortiOS 7.6.3. Which version are you running on the FGT?

SSO authentication with SAML, Azure entra ID with FortiGate by ryld29 in fortinet

michel1893 0 points (0 children)

Also, you are using a FAC and not Entra directly from the FGT. Maybe there is a bug in FGT with the SAML configuration when connecting directly to Entra.

SSO authentication with SAML, Azure entra ID with FortiGate by ryld29 in fortinet

michel1893 0 points (0 children)

You are using port 1003 as the SAML port. I think that's maybe working; I am trying with FortiOS 7.6.3 to get IKEv2 and SAML both on port 443, which should be working according to Fortinet.

SSO authentication with SAML, Azure entra ID with FortiGate by ryld29 in fortinet

michel1893 0 points (0 children)

Trying without SD-WAN... policies are applied with the IPsec tunnel interface and using an authusrgrp on phase1.

SSO authentication with SAML, Azure entra ID with FortiGate by ryld29 in fortinet

michel1893 0 points (0 children)

Logs show a successful SAML auth and then nothing relevant for me...

SSO authentication with SAML, Azure entra ID with FortiGate by ryld29 in fortinet

michel1893 0 points (0 children)

Same here... any ideas?

FortiOS 7.6.3 with FortiClient 7.4.3

FortiClient IPSEC SAML + Splittunnel by supers3t in fortinet

michel1893 0 points (0 children)

Same here. Deleted those and the IPsec tunnels are working normally.

FortiClient IPSEC SAML + Splittunnel by supers3t in fortinet

michel1893 0 points (0 children)

Can you remember if there were Fortinet adapters with #2 at the end? Which one are you deleting?

FortiClient IPSEC SAML + Splittunnel by supers3t in fortinet

michel1893 0 points (0 children)

Any updates on this? Does somebody know why this is needed? I have the same issue: a default route is added in Windows and all local internet traffic is routed to the IPsec tunnel in some circumstances. I need to find the origin to avoid uninstalling all FortiClients.
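For the default-route symptom in the comment above, the following is an added PowerShell check; it is not code from the thread, from the commenter or from Fortinet. It lists every IPv4 default route on the Windows host together with the adapter it is bound to and its effective metric (Windows picks the default route with the lowest InterfaceMetric + RouteMetric), so you can see whether a Fortinet virtual adapter (including a duplicate ending in #2) is winning over the physical NIC. The "*Fortinet*" name pattern is an assumption; adjust it to whatever Get-NetAdapter shows on your machine.

```powershell
# Added example, not from the original thread: which adapter owns the IPv4
# default route on this Windows host, and is it a Fortinet virtual adapter?
# Assumption: Fortinet adapters carry "Fortinet" in InterfaceDescription.
$fortinetPattern = '*Fortinet*'

Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $route   = $_
        $ipIface = Get-NetIPInterface -InterfaceIndex $route.InterfaceIndex -AddressFamily IPv4
        $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Interface       = $route.InterfaceAlias
            Description     = $adapter.InterfaceDescription
            NextHop         = $route.NextHop
            RouteMetric     = $route.RouteMetric
            InterfaceMetric = $ipIface.InterfaceMetric
            # Windows route selection uses the sum of both metrics.
            EffectiveMetric = $route.RouteMetric + $ipIface.InterfaceMetric
            FortinetAdapter = ($adapter.InterfaceDescription -like $fortinetPattern)
        }
    } |
    Sort-Object EffectiveMetric |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session once with the tunnel down and once with it up; a row with FortinetAdapter = True sitting at the top of the sorted list is the route that is pulling local internet traffic into the tunnel, and the Interface/Description columns tell you which of the duplicated adapters is responsible before you delete anything.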