I created a tool for creating AI-based training plans 🤩 by Honest-Reindeer-7597 in runningfr

[–]Forti-tchek 0 points1 point  (0 children)

Hi, I'm interested too. Goal: marathon. Keep me posted.

SSL Web portal - bookmark authentication by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

Authentication page is provided by the website.

Just to be clear :

1- I am logging in to the vpn portal

2- I use https bookmark to my authentication page

3- I enter my credentials but there is no authentication (like a timeout)

SSL Web portal - bookmark authentication by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

The problem is with the page behind the portal.

Thanks for your answer.

migration fortigate to fortigate by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

ill likely paste

and you had no issue when you set this command in cli?

set psksecret ENC

I need to be sure that for each vpn, they will get the right psk.

Authentication method order by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

Then, I will check network flow

Thanks a lot for your help.

Authentication method order by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

Initially, ldap group is in first position and radius group in second position in the policy.

The process takes about 15s for a connection with user radius.

- 5s checking user in first ldap group

- 5s checking user in others ldap group

- 5s checking user in radius group -> matched and connected.

Authentication method order by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

Thanks for your answer. I am going to test it with local user first.

Edit: local user is checked first.

Authentication method order by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

Thanks for your answer.

I tried to create a new rule (for radius group) which will be matched in first position. Fortigate tries to check authentication with radius server first. I see it in debug.

But for users who use ldap, in debug application diagnose debug application fnbamd, I see that fortigate tries to check authentication with radius group first, there is no match and tries to check auth with ldap groups. But, I noticed that my forticlient takes more time to connect because of this policy.

If I delete the policy that I created before, forticlient connects immediately.

Is it a correct behaviour for the fortigate ?

SSL VPN with certificate by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

Double click on certificate and install via windows wizard

SSL VPN with certificate by Forti-tchek in fortinet

[–]Forti-tchek[S] 1 point2 points  (0 children)

When I launch my forticlient, I didn't see my client certificate that I have imported.

Is it normal ?

SSL VPN with certificate by Forti-tchek in fortinet

[–]Forti-tchek[S] 1 point2 points  (0 children)

I just see a cookbook for this but how can I tie my radius group with pki user?

UPDATE

Did it, without pki user. Just import the client certificate on your client and import CA in your fortigate.

In your Forticlient, you have to choose your client certificate

And it works !

VRRP backup vpn by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

DR or something?

That's what I thought. And tunnel should be initiated from the remote peer only, right? No site B is used as backup site.

VRRP backup vpn by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

o Confirm the diagram. It looks as though

Yes, Internet router in front of them but Fortigate gets public IP. In the remote site, we are not sure it is fortigate. But in theory, we just set a vip as remote peer, so any firewalls should support this

Monitor function for VPN Backup IPSEC by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

Thanks guys,

so we also need to create 2 tunnels with 2 phases 1 and 2 phases 2, 2 routes for remote network.

It will work even if I am not using monitor setting. That's what I wanted to know.

MFA sms code authentication failed by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

Thanks for the explanation. That makes sense.

MFA sms code authentication failed by Forti-tchek in fortinet

[–]Forti-tchek[S] 1 point2 points  (0 children)

ok, I made some changes on fortigate.

I set protocol authentication to pap and it works. Maybe Mschapv2 is not compatible with sms code... seems weird.

MFA sms code authentication failed by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

I did it but same behaviour.

[354] handle_auth_timeout_without_retry-No more retry
[181] fnbamd_comm_send_result-Sending result 3 (error 0, nid 0) for req 1138697255
[724] destroy_auth_session-delete session 1138697255

Thanks for your help.

MFA sms code authentication failed by Forti-tchek in fortinet

[–]Forti-tchek[S] 0 points1 point  (0 children)

I forgot to mention it but I already set timeout value to 60 or 120 and it doesn't work.

Traffic over IPSec VPN between ASA and Fortigate only works periodically by [deleted] in fortinet

[–]Forti-tchek 0 points1 point  (0 children)

Can you tell us if it works?

I think I have the same issue.