#FORTINET VPN FIREWALL DOWNLOAD#
In the “Sigle sign-on” section for your Azure AD application you will need to download the “Certificate (Base64)” from section 3 Collecting the details needed for the FortiGate setupĪs mentioned in the “User and Groups” section above you will need your group “Object id” In the “Users and groups” section for your Enterprise Application add the group you previously created at the start of this guide. The “Single sign on” section 2 for your application should now look like this. Select the “Customize the name of the group claim” check box.Click the edit button for Section 2 “User Attributes & Claims”.Reply URL (Assertion Consumer Service URL) For “Identifier (Entity ID)” and “Reply URL (Assertion Consumer Service URL)” tick the Default check box on the right.Replacing with the port number set in the “SSL-VPN Setting” section of your FortiGate.Replacing with external the public facing IP Address or DNS name for you firewall.
Click “Enterprise Applications” on the left.Logon to you Azure portal and open the Azure Active Directory blade.The first thing we will need to do is create an Enterprise Application within the Azure AD subscription, as this is what the SMAL requests will authenticate against. After your group is created take a note of the “Object id” as you will need it later.You will also need to create a group and add the user(s) who will be using the SSL VPN portal as members.If your user(s) who will be using the SSL VPN portal don’t already exist create them.FortiGate Config – User to SSL Portal Mapping.FortiGate Config – Creating an SSL Portal.FortiGate Config – Mapping local group to the Azure AD group.FortiGate Config – Uploading your application certificate.Collecting the details needed for the FortiGate setup.Possibly earlier versions will work too but I personally have not tested. But I have tested and it is pretty much the same for v6.4.6 and works fine on that release for both physical and virtual models. The screenshots are taken from a FortiGate firewall running v7.0.1. This guide will cover the steps followed. This gives the benefit of the users being able to login using their Azure AD account and you can enforce the use of MFA and other conditions via Condition Access
I elected to use a Fortinet FortiGate firewall with an SSL VPN Portal linked via SAML to Azure AD. I recently had the requirement to allow a few accounts remote access to a server via RDP for support purposes.