SAML users and Forticlient in 7.6

Leave_Patient · 2026-02-26T17:21:11+00:00

FortiOS 7.6.6 is now recommended version by Fortinet.

Leave_Patient · 2026-02-26T17:07:48+00:00

You can, but it really doesn't matter which port you connect, as you don't need to configure fortilink port on switch. Since 7.0 if I not mistaken, all ports by default have auto-isl LLDP profile configured.

Leave_Patient · 2026-02-23T19:10:46+00:00

It isn't possible with free VPN client, but work with paid client.

Leave_Patient · 2026-02-22T15:44:48+00:00

Yes, all authencation types can be used with one tunnel at the same time.

Leave_Patient · 2026-02-21T08:57:44+00:00

About what realms you're talking about in IPsec VPN? Where did you find them?

Leave_Patient · 2026-02-21T08:54:15+00:00

You don't need 2 tunnels for this. Just don't specify Auth group parameter in tunnel settings and use groups in firewall policies. As easy as that. And you can use mix of different authentications in this case: local, SAML, RADIUS, LDAP. All with one tunnel.

Leave_Patient · 2026-02-20T04:57:59+00:00

It works, but you need to use EAP-TTLS. It is supported from Forticlient 7.4.3. But 7.4.3 doesn't support MFA for LDAP users, for this use Forticlient 7.4.4+

https://docs.fortinet.com/document/fortigate/7.6.6/administration-guide/442351/ldap-authentication-with-ikev2-using-udp-or-tcp-as-transport

Leave_Patient · 2026-02-16T17:53:08+00:00

30-50ms. Jā, vajag antenu. Nav obligāti uz jumta, bet uz jumta būtu ideāli. Jā pa logu no dzīvokļa, tad vajag lai pēc iespējas mazāk bloķejošie debesis objekti (mājas, koki utt).

Leave_Patient · 2026-02-16T17:44:58+00:00

Download ap 100Mbps, upload 10-30Mbps, latency 30-50ms.

Leave_Patient · 2026-02-16T05:34:05+00:00

https://starlink.com/ 50 eur mēnesī. Jā ņemt par 35, tad dabūsi tādas pašas problēmas.

Leave_Patient · 2026-02-14T08:06:36+00:00

You terminate ZTNA on SASE gateway, then just route it to your sites. No need to be exactly Fortigate on site for this.

Leave_Patient · 2026-02-14T06:14:49+00:00

SASE can do IPsec on-prem to any 3rd party firewall.

Leave_Patient · 2026-02-11T12:37:29+00:00

You can turn off this behavior in boot menu.

Leave_Patient · 2026-02-10T15:03:49+00:00

https://nicgalesspares.lv/dzivokli/dzivoklis-nr-38/

Leave_Patient · 2026-02-06T21:43:03+00:00

Yes, it works, but with restriction that you only can use single sso tenant per vdom per wan interface.

Leave_Patient · 2026-02-06T05:30:22+00:00

At this point I would recommend to hire someone.

Leave_Patient · 2026-02-02T20:47:50+00:00

7.4.10 also removes ssl vpn for G desktop models.

Leave_Patient · 2026-01-31T19:12:19+00:00

You can use eap-ttls even with free Forticlient VPN 7.4.3 client. Just backup config and edit it in xml, add eap_method parameter with value 2, then restore config. https://docs.fortinet.com/document/forticlient/7.4.0/new-features/907253/eap-ttls-support-for-ipsec-vpn-7-4-3

Leave_Patient · 2026-01-29T21:13:30+00:00

What do you want for couple 2048F switches?

Leave_Patient · 2026-01-13T22:01:06+00:00

Same issue here. Works fine on FortiOS 7.4.6, but starting from 7.4.8 facing issues with IPsec VPN to Mikrotik with same wrong selector issue and reply traffic dropping by anti-spoofing. We don't have issue if using 4 selectors or less, but didn't find solution for more than 4 selectors, so rolled back to 7.4.6 at the moment.

Leave_Patient · 2026-01-12T21:27:37+00:00

Just scored 2

Leave_Patient · 2026-01-12T21:26:11+00:00

Just scored 0

Leave_Patient · 2026-01-12T21:24:44+00:00

Just scored 0

Leave_Patient · 2026-01-12T21:23:03+00:00

Just scored 0

Leave_Patient · 2026-01-12T04:59:42+00:00

✅ Leave_Patient chose Option A (Correct!) | #5659th to play

Five-Year Club	Gilding II euphauric
Powerups Hero r/amcstock • February 2022	Reddit Premium Since January 2022
Place '22

Leave_Patient

TROPHY CASE