u/Direct-Ninja-9795

Fortiauthenticator local user cannot auth on FortiGate

Hi

I have configured the following scenario: FortiGate as a RADIUS client → FAC as a RADIUS server → LDAP user sync rule to FAC, and this part works fine. However, I am unable to authenticate local users configured on the FAC. On the FortiGate, I receive the error "Code: 3 Invalid credentials", and in the FAC logs I see the following:

Warning: failed to search remote LDAP server for remote user 'test_user', error: invalid user

FAC version: 6.6.10, FOS version: 7.4.12

reddit.com
u/Direct-Ninja-9795 — 1 day ago

hub fortigate dual wan connect to branches with one link wan

Hi,

With reference to the presented topology:

https://preview.redd.it/87o47sv37o0h1.png?width=828&format=png&auto=webp&s=786bc93d49a537f31f8f643dd04d9b1ea3e57a36

is it possible to configure the following scenario according to these requirements?

  • Configure SD-WAN failover so that in the event of a failure of the WAN1 link on FortiGate HQ, all traffic from the local network behind FortiGate HQ to the Internet, as well as traffic for all site-to-site VPNs, remains unaffected and automatically fails over to WAN2, without any manual intervention.
  • Route all network traffic from Site A and Site B through the central FortiGate HQ. These devices only have FortiCare, and the central FortiGate is intended to handle all security functions.
  • The FortiGate at Site A must not be able to communicate with the FortiGate at Site B, and vice versa.

What would be the best way to approach this?

I was considering ADVPN (hub-and-spoke), but I am having difficulty aligning the configuration because Site A and Site B each have only a single WAN link. I also considered SD-WAN over IPsec, but it appears to support only static tunnels, not dial-up tunnels.

reddit.com
u/Direct-Ninja-9795 — 9 days ago