Description This article describes a potential fix for
FortiAuthenticator SAML IDP error 403. The same event produces the
following error: 'Access Denied, access to this resource via HTTP is not
allowed with the current network interface configuratio...
Description This article explains how it is best to configure Username
format in Radius and other authentication policies when UPN
(userPrincipalName) is used. Scope The following settings instruct the
FortiAuthenticator on how to read the credential...
Description This article describes how to configure FortiAuthenticator
with the Twilio SMS gateway. Scope FortiAuthenticator. Solution Follow
Twilio's docs to set up an SMS API.Send Messages with Messaging Services
Build and get the code, in this exa...
Description This article describes that Port change in SAML IDP General
settings is not supported. Scope FortiAuthenticator. Solution The
default SAML IDP port 443 cannot be changed on FAC as FAC webserver will
only listen at 443. SAML TCP/443 in our...
Description This article describes how to enable FIDO authentication.
Scope FortiAuthenticator, FortiToken 400, FIDO. Solution Enable FIDO
authentication on the user properties. See the administration
guide.Alternatively, enable it in the sync rule i...
hi there, Most likely if you specify only the logon events (instead of
0, 1, 2) you won't have the users logged off anymore.Check what are the
correct IDs for your server OS. 6) Logon Event ID poller. Increase the
level to '2' instead of '0' of visib...
Hi there, I hope I got this right.If the same public IP/FQDN has been
moved from FGT to LB, you still have the same public IP/FQDN in "config
user saml", and LB is correctly configured to fw the saml auth request
to the FGT, then this is expected to ...
Hi there, * close*timeout*client-rst* accept These actions are also part
of normal operation, they don't necessarily indicate an issue.Need to
correlate some more outputs in order to determine if these events are an
issue. Please follow these trouble...
Hi there, Can you link this issue to any change in your environment?Have
you tested other devices/FortiClient versions?Is it possible for an
effected user to use for a while web ssl portal instead of FCT tunnel
mode?That should help to identify if th...
Hi there, It's unclear to me what do you mean by "Does Foticlient
support to dialup IPsec VPN or we have to configure separate Forticlient
configuration at Fortigate Firewall." If ipsec dialup with 2fa is what
you're after, please check the docs bell...