DescriptionFortiGate RSSO and Palo Alto Single Sign On (SSO) stop working after upgrading appliance. ScopeVersion: 8.5 and aboveSolutionDue to a change in functionality
with the introduction of Logical Networks, a Network
Access Policy match is required for the user-id to be sent to the
firewall.
Create a Network Access Policy to match hosts and assign the appropriate network access. For instructions, refer to section Network Access Policies of the Administration Guide in the Fortinet Document Library.
Note: See related KB article below for a known limitation with Logical Networks.
For integration instructions, refer to the following reference manuals in the Fortinet Document Library:
Related Articles
Technical Note: User ID information not sent to Palo Alto using logical networks