![]() ![]() Therefore, the SAML request will be sent to the specific IdP configured for that SAML group.ġ) Create SSL-VPN Realms on the FortiGate:Įnable SSL-VPN Realms under Feature Visibility. Only the firewall policies that have a group that is matching the request for that realm will be evaluated. To overcome this design limitation, it is possible to leverage SSL VPN realms. In this case, any SAML authentication request will be sent to the first IdP matched in the firewall policies configured, and subsequent policies and IdP's will not be triggered, hence the authentication request may fail. However, in the case of SAML authentication for SSL VPN firewall policies where the source interface is the SSL VPN interface and the source user group references a SAML server, the first firewall policy in the list will be used to choose what IdP the SAML request will be sent to. It is possible though to create multiple firewall policies with specific firewall groups applied, where only one IdP is referenced at a time in each firewall policy. In order to achieve this, SSL VPN realms must be configured along with creating multiple Azure SAML applications. ![]() SSL VPN with Azure SAML authentication using SSL VPN Realms for dual WAN link redundancy.Ĭonsider a scenario where the FortiGate has dual WAN connections and needs redundancy for SSL-VPN client authenticating using Azure SAML Single Sign-on. This article describes how to create SSL VPN with Microsoft Azure SAML authentication with a dual WAN connection on the FortiGate.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |