Comments
@kwm1985 1 month ago
Thank you very much for this video. I had an issue with the step where I had to set up the custom "username" claim attribute on the Azure side, and the documentation and other tutorials don't clearly state what to do there.
@sokoculz 2 months ago
thanks bro
@gdhomy2009 3 months ago
Where did you get the gateway address to put in the browser and FortiClient?
@JamesNationMusic 3 months ago
Dude, thank you! One thing to note is that you don't need the quotes anymore on 7.2.8 firmware.
@JasonMilczek 4 months ago
Highly recommend 1.5x playback speed on this video.
@ludapebe 5 months ago
Hi. I have a problem with the client. The log shows a problem connecting to the server, error 6500.
@taza1411 7 months ago
Thank you for this video, it was extremely informative.
@decosion5498 7 months ago
Very nice explanation
@nil1377 9 months ago
Thank you for sharing this tip Dan, this makes policy configuration clear & clutter-free.
@nature0893 10 months ago
Thank you for the video
@thom12345100 10 months ago
Thank you Dan! I was able to set up the same within 1.5 hours thanks to your vid. If anyone cares: if using a FIDO2 key (passwordless), you have to select the option in the FortiClient VPN profile to authenticate using the browser.
@tommaor2094 10 months ago
Can I use a self-signed certificate for Azure SAML?
@lalitjoshi8032 11 months ago
Great Content...
@hafezelashry2275 11 months ago
Are these websites and URLs trusted?
@fransishummel 11 months ago
What should the format be if we are uploading IPs from a Notepad file? I have uploaded it to my drive and connected; it's connected, but on "show entries" it's showing errors!!
@capricornnnn 11 months ago
Thanks. How can you implement this with SSL VPN? Now that there are so many vulnerabilities with SSL VPN and people scanning the internet, with port 443 open from outside. A use case would be to use this for SSL VPN. It would be nice to have some information about it :). The Talos link doesn't work. I don't find any IP block list. Maybe they have changed it.
@d4nielcui 11 months ago
It's a great tutorial. By the way, I found an error "Invalid HTTP request" when I tested. Could you advise, Dan? Thank you!
@kento6909 1 year ago
At about kzbin.info/www/bejne/pHWrY6qsq8p_qKs, you copied the FQDN, but where should I get the FQDN in FortiGate from? I've been trying to set up this configuration since yesterday but am still stuck on the way. Please help!! Kento from Japan.
@MaxKulik 1 year ago
Great Video! Thanks for sharing!
@deejayboziah9800 1 year ago
Well-done video tutorial, kudos. You didn't mention URLhaus; does it not need a firewall policy?
@anto5741 1 year ago
Thank you very much for your video. Regards
@michaelramirez9378 1 year ago
Thank you for creating this content Dan. Great video and instructions. It was incredibly helpful.
@n2sport1 1 year ago
Do you need separate FortiGate SSL VPN enterprise apps for separate FortiGate firewalls?
@WReaume 1 year ago
Great vid. My free Azure account would not allow me to add groups to the FortiGate SSL enterprise app thingy in Azure, only users. But you could kick it a bit on the login and could eventually get to the SSL portal. Thanks for the useful video and info. Make more vids!
@IMRAN-AHMED-TECH-TALKS 1 year ago
Thanks
@BenjaminBox 1 year ago
I'm studying for my SC-900 exam and I came across this setting, and it just confused me as to why it's the default... I'm glad I got this video; now I know it's as weird as I thought.
@la08 1 year ago
Fantastic! One question: there seems to be a limitation on 7.0.9 on adding multiple SAML servers to a group. Is there a way around this without recreating the same firewall policies for different SAML servers?
@GraniteDan 1 year ago
Add multiple groups to the firewall policy.
@la08 1 year ago
@GraniteDan Tried this; the issue is the same. Not able to add 2 different user groups (referencing two different SAML servers) to a firewall policy.
@attiland56 1 year ago
Best content on the subject I have come across in months. Thank you.
@ryanprosser1823 1 year ago
Fantastic video, thank you! Great note about being able to leverage this to examine and compare malware hashes for internal traffic across VLANs. I've always wondered if my network would slow if I routed VLANs on the firewall rather than our core switch...
@abdallahezat8604 1 year ago
great sharing.
@franckymetal 1 year ago
Good morning Dan, really nice video and well explained. I was just wondering: in the SSL settings under Authentication/Portal Mapping, if I create a mapping to a new portal for Azure and I also have a mapping for a group of local users of the FW to connect to the full-access portal, for example. When my users with local accounts connect to the FW via FortiClient, will they get the Azure window also? I would like to keep these users connecting without the Azure portal, but also for some groups to get the Azure window.
@johnnyfernandez994 1 year ago
Thank you so much! I have an End of Sale / End of Support FortiGate in my home network, and fortunately with this video I could take advantage of filtering malicious traffic without an official Fortinet license, that's great! Thanks and regards from Costa Rica!
@JanisJaunosans 1 year ago
noice!
@rafaelaraujo7384 1 year ago
Hey bro. Since FortiGate uses FortiGuard to provide real-time "security blocks" while using ISDBs for example, WHY should we use an IP address threat feed integration?
@GraniteDan 1 year ago
Lots of reasons. 1st would probably be that no one security vendor catches everything, no matter how good their sales pitches are. Third-party feeds can complement FortiGuard services. Second might be in-house or industry-maintained feeds. I used to work in higher education, and lots of institutions across Canada pooled threat intel into a common MISP database, and those feeds could be ingested into member firewalls regardless of vendor. Or, like the example in the video, if you are running a dual-stack internet connection and you want to block all traffic from Tor exit nodes, both IPv4 and IPv6 (FortiGuard ISDBs are IPv4 only). You may want to use a feed as an allowlist rather than a blocklist, and you can do that using a feed because it just acts like an address object in a firewall policy. There are a lot of possibilities for this.
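The feed file format asked about earlier in this thread (the Notepad upload that shows errors under "show entries") and the dual-stack use of a feed described in the reply above, as an added example that is not part of the video or of any comment here: a small Python validator for a FortiGate-style external IP threat feed file, run before the file is published to the URL the firewall pulls from. It assumes the feed is plain text with one entry per line (an IPv4 or IPv6 address, a CIDR subnet, or a hyphenated range), with `#` comments and blank lines ignored. The sample feed is constructed; its leading BOM and CRLF line endings imitate a file saved from Windows Notepad, which is a common reason an otherwise fine list shows errors.

```python
"""Validate a FortiGate-style external IP threat feed file before publishing it.

Added example, not code from the video or from Fortinet. Assumptions: plain
text, one entry per line (IPv4/IPv6 address, CIDR subnet, or hyphenated range),
'#' starts a comment, blank lines are ignored. A UTF-8 BOM and CRLF line
endings, as written by Windows Notepad, are tolerated and stripped.
"""
import ipaddress

# Constructed sample feed (not a real block list). The leading BOM and the
# CRLF line endings imitate a file saved from Windows Notepad.
SAMPLE_FEED = (
    "\ufeff# constructed sample feed\r\n"
    "198.51.100.7\r\n"
    "203.0.113.0/24\r\n"
    "2001:db8::/32\r\n"
    "192.0.2.10-192.0.2.20\r\n"
    "300.1.1.1\r\n"                        # octet out of range
    "198.51.100.0/24, 198.51.100.9\r\n"    # two entries on one line
    "\r\n"
)


def parse_entry(entry):
    """Return the normalised form of one feed entry, or raise ValueError."""
    if "-" in entry:                       # range: first-last, same family
        lo, hi = (p.strip() for p in entry.split("-", 1))
        lo_ip, hi_ip = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        if lo_ip.version != hi_ip.version:
            raise ValueError("range endpoints mix IPv4 and IPv6")
        if hi_ip < lo_ip:
            raise ValueError("range end is below range start")
        return f"{lo_ip}-{hi_ip}"
    if "/" in entry:                       # CIDR subnet
        return str(ipaddress.ip_network(entry, strict=False))
    return str(ipaddress.ip_address(entry))  # single host


def validate_feed(text):
    """Return (valid_entries, errors); errors are (line_no, raw_line, reason)."""
    valid, errors = [], []
    lines = text.lstrip("\ufeff").splitlines()   # drop BOM; splitlines handles CRLF
    for line_no, raw in enumerate(lines, start=1):
        entry = raw.split("#", 1)[0].strip()      # strip trailing comment
        if not entry:
            continue
        try:
            valid.append(parse_entry(entry))
        except ValueError as exc:
            errors.append((line_no, raw.strip(), str(exc)))
    return valid, errors


def split_by_family(entries):
    """Split validated entries into IPv4 and IPv6 lists (one feed can carry both)."""
    v4, v6 = [], []
    for entry in entries:
        first = entry.split("-", 1)[0].split("/", 1)[0]
        (v4 if ipaddress.ip_address(first).version == 4 else v6).append(entry)
    return v4, v6


if __name__ == "__main__":
    good, bad = validate_feed(SAMPLE_FEED)
    v4, v6 = split_by_family(good)
    print(f"{len(good)} valid entries ({len(v4)} IPv4, {len(v6)} IPv6)")
    for line_no, raw, reason in bad:
        print(f"line {line_no}: {raw!r}: {reason}")
```

Run it against the file you are about to upload; the error list gives the line numbers the firewall's "show entries" view does not, and the IPv4/IPv6 split confirms that a dual-stack block list really carries both families before it is attached to a policy.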
@rafaelaraujo7384 1 year ago
@GraniteDan Great... Thanks for the answer... Do we have a risk of blocking false positives? How would we deal with that?
@denmanfite3156 1 year ago
Great video. Really enjoyed how you showed the whole process including the small issues you ran into.
@joshpark1 2 years ago
I've been poring over the config documents from both the Azure and FortiGate side for about a week, preparing to get it done this week. Always helpful to see someone actually do it though, and I'm really happy you left the troubleshooting in there. Invaluable! Liked and subscribed, sir, thank you!
@elcioluizjunior 2 years ago
Not working here; my VPN portal does not redirect to Microsoft. If I access the SAML address I get remote/saml/login invalid HTTP request.
@peterliu5296 2 years ago
Great video. Really informative, well organized and detailed. Thanks for sharing. Would like to see more uploads from you.
@robdax3122 2 years ago
Hi Dan, this video is very helpful, but I missed the MFA part. If I am not wrong, you didn't configure it. I can see that the system asked for username and password, but not a second factor (multi-factor or two-factor) authentication. No token or OTP of any sort.
@GraniteDan 2 years ago
Rob, thanks. I didn't get into MFA other than maybe mentioning it. Azure AD handles the MFA side of things: if you have MFA enabled either per user or via conditional access, you will get prompted for MFA just like you would when logging into M365 or any other app.
@KK-po5hm 2 years ago
Dan, Do you provide consulting services?
@cloudmasterlive 2 years ago
Thank You for sharing. It was informative.
@nimesis124 2 years ago
Hi Dan, my Fortinet is running in AWS and I want to connect with Azure the same as in this video. Do I need to allow any ports in Azure and AWS, and vice versa?
@em7yn 2 years ago
Can this be done without running a domain for our SSL cert? I.e., running a cert for our public IP? We have no internal DNS, so setting this up would be difficult for an FQDN.
@philiponstwedder1868 2 years ago
Thanks Dan. Good explanation. This helps.
@Heineken1712 2 years ago
Hi, does anyone know if you can apply Azure 2FA like this to authenticate against FG SSL VPN?
@GraniteDan 2 years ago
That is exactly what the video shows you how to do.
@Heineken1712 2 years ago
@GraniteDan I only see Azure authentication with username/password. But I'm new to Azure; I probably don't fully understand the 2FA process of Azure. AFAIK you need to accept the 2FA, e.g. on your phone. The login procedure on SSL VPN doesn't show a page where it is waiting for acceptance of the 2FA.
@GraniteDan 2 years ago
@Heineken1712 MFA is wholly managed by Azure AD. When it is enabled either per user or by conditional access and you are authenticating with Azure AD via SAML, the user will receive the MFA prompts just as they do when logging into any Office 365 cloud apps etc.
@dodonohoe30 2 years ago
Great content Dan. For my understanding, I wonder if someone could give me the high-level sequence of events here, in terms of the token / authentication flow mechanism?
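The part of the token flow that the FortiGate actually acts on, as an added example that is not part of the video or of any comment here: after Azure AD authenticates the user (and enforces MFA on its own side, as the replies above say), it posts a signed SAML assertion back to the firewall, and the firewall reads from it the attribute whose name must match the custom "username" claim mentioned near the top of this thread, the group attribute, the audience and the validity window. This Python snippet parses a constructed assertion and performs those checks. It deliberately does not verify the XML signature, which a real service provider must do first with a proper SAML library; the attribute names `username` and `group`, the tenant ID, the hostnames, the SP entity ID URL and the timestamps are all assumptions.

```python
"""Read the SP-relevant claims out of a SAML assertion from Azure AD.

Added example, not code from the video, Fortinet or Microsoft. It shows what
the service provider reads: the user attribute (whose name must match what the
FortiGate SAML server is told to expect), the group attribute, the audience
restriction and the validity window. Signature verification is intentionally
out of scope here; a real SP must verify the signature before trusting any of
this. Attribute names, tenant ID, hostnames and timestamps are assumptions.
"""
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUDIENCE = "https://vpn.example.com/remote/saml/metadata/"   # assumed SP entity ID

# Constructed assertion with the fields an Azure AD IdP would populate.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_example" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T13:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://vpn.example.com/remote/saml/metadata/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="group">
      <saml:AttributeValue>VPN-Users</saml:AttributeValue>
      <saml:AttributeValue>IT-Admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def parse_ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def extract_claims(assertion_xml, expected_audience, now,
                   user_attr="username", group_attr="group"):
    """Return the user, groups and any reasons to reject the assertion."""
    root = ET.fromstring(assertion_xml)
    problems = []

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no Conditions element")
    else:
        if "NotBefore" in cond.attrib and now < parse_ts(cond.attrib["NotBefore"]):
            problems.append("assertion not yet valid")
        if "NotOnOrAfter" in cond.attrib and now >= parse_ts(cond.attrib["NotOnOrAfter"]):
            problems.append("assertion expired")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if expected_audience not in audiences:
            problems.append(f"audience mismatch: {audiences}")

    # Every attribute by name; the SP configuration has to name these exactly.
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]

    user_values = attrs.get(user_attr, [])
    if len(user_values) != 1 or not user_values[0]:
        problems.append(f"expected one non-empty {user_attr!r} attribute, found {sorted(attrs)}")

    return {
        "ok": not problems,
        "user": user_values[0] if len(user_values) == 1 else None,
        "groups": attrs.get(group_attr, []),
        "problems": problems,
    }


def check_sample(user_attr="username", audience=AUDIENCE, now_iso="2024-01-01T12:30:00Z"):
    """Run extract_claims against the constructed assertion with a chosen clock."""
    return extract_claims(SAMPLE_ASSERTION, audience, parse_ts(now_iso), user_attr=user_attr)


if __name__ == "__main__":
    print(check_sample())
    # The failure mode from the "username" claim comment: the IdP emits the claim
    # under a default-style URI while the SP was told to expect the short name.
    print(check_sample(user_attr="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"))
```

The second call shows why the claim name on the Azure side matters: the assertion is otherwise valid, but the SP finds no attribute under the name it was configured with and has no username to log in. The audience and time-window checks are the ones that make a captured assertion useless against a different firewall or after its short validity window.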
@wascarreyes01 2 years ago
How can I have redundancy with SAML?
@GraniteDan 2 years ago
What sort of redundancy are you looking for?
@wascarreyes01 2 years ago
@GraniteDan We have multiple interfaces configured on SSL VPN; the question really is, should I create multiple instances in Azure AD as well?
@GraniteDan 2 years ago
@wascarreyes01 I don't believe this would be required if all of the users exist in the same Azure AD. You should be able to set up a single server and then allow specific groups.
@wascarreyes01 2 years ago
@GraniteDan What if my firewall's public IP goes down?
@GraniteDan 2 years ago
@wascarreyes01 If your public IP goes down, then your users probably won't be able to connect to the SSL VPN. For that level of redundancy you could look at multiple connections, SD-WAN, and some load balancing for the FQDN that users are connecting to.
@kichak99 2 years ago
Thanks, great detailed video.
@nimesis124 2 years ago
I am not able to import the Azure AD certificate in FortiGate via remote certificate; I am using a FortiGate evaluation license.
@GraniteDan 2 years ago
I do not know if this would be a limitation of the evaluation license or not. Validate that you are downloading the correct version of the certificate. Do you get an error? Is the option not there?