Fortinet active/active sync errors for SAML SSO on Azure...
Is it possible to exclude certain settings from Autoscaling synchronization?
The end user has a pair of Active/Active FortiGates deployed in Azure between an ELB/ILB, and this configuration makes use of the Autoscaling feature to perform config synching between the FGTs.
They have run into an issue with this on the SAML-based Admin SSO setup, which is also being synced from FGT-A to FGT-B via autoscaling. This is causing the SP address on FGT-B to be set the same as FGT-A, so if you log in to FGT-B via SSO you are just sent over to FGT-A.
Is there a way to mark this part of the config to not sync to the subordinate units? They can't seem to find any mention of this on the web.
You can exclude certain things from the HA sync.
Check under system.saml (there is the server-address setting there), but those are the settings you get.