Hi Waseem Syed,
Welcome to Microsoft Q&A forum.
Please try to follow the below suggestions:
Check DNS Record Configuration: Make sure that your DNS records are properly configured with GoDaddy; ensure the points below:
- A Record: Should point to the IP address of your FortiGate.
- CNAME Record: If applicable, should point to the Fully Qualified Domain Name (FQDN) for the FortiGate.
- TXT Record: Might be needed for domain verification with certain services.
Reference link: https://learn.microsoft.com/en-us/azure/app-service/manage-custom-dns-buy-domain#manage-custom-dns-records
Verify SSL/TLS Certificate: Ensure that the SSL/TLS certificate for your domain is valid and properly installed on the FortiGate. Certificate errors can arise if the certificate has expired or if there's a mismatch in the domain name.
Ensure the certificate used for the SSL-VPN portal is:
- Publicly trusted or issued by a CA that the client trusts.
- Matches the FQDN configured for the VPN portal.
If you’re using a self-signed certificate, FortiClient will often block the page unless the certificate is installed in the client’s trusted store.
You can follow the below reference link for better understanding.
Verify Redirect URI and SAML Settings:
- In Azure AD Enterprise Application:
  - Confirm the Reply URL (Assertion Consumer Service) matches the FortiGate configuration.
  - Ensure the Identifier (Entity ID) is correct.
- On FortiGate:
  - Check that the Single Sign-On URL and Entity ID match Azure AD settings.
  - Confirm the Certificate used for SAML is valid and not expired.
Inspect Firewall Settings: Check if any firewall rules are blocking access to the FortiGate or Azure services, and ensure that the necessary ports are open for SAML authentication.
Hope you find this comment helpful; if so, please “up-vote” the information provided, as this can be beneficial to community members.
Kindly let us know if you have any additional questions.
Thanks
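The three certificate conditions the answer above asks the reader to verify (the certificate covers the portal FQDN, it is within its validity window, and it chains to something the client trusts), as an added example that is not part of the original post and is not FortiGate or FortiClient code. It uses Go's standard crypto/x509 to build a constructed self-signed certificate for the hypothetical portal FQDN vpn.example.com and then runs the checks a client runs before rendering the portal, once with an empty trust store and once with the certificate added to it, so each of the answer's failure modes maps to a concrete error.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CertCheck records the outcome of the three checks for the portal certificate.
type CertCheck struct {
	HostnameMatches, InValidityWindow, ChainTrusted bool
	Problems                                        []string
}

// OK reports whether all three checks passed.
func (c CertCheck) OK() bool { return c.HostnameMatches && c.InValidityWindow && c.ChainTrusted }

// NewPortalCert builds a constructed, self-signed server certificate with the
// given SAN hostnames and validity window. It stands in for what a portal
// presents; the key is throwaway and this is not FortiGate code.
func NewPortalCert(hosts []string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: hosts[0]},
		DNSNames:     hosts, // clients match the SAN list, not the CN
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckPortalCert evaluates a leaf certificate the way a client does. roots
// models the client's trusted store: an empty pool trusts nothing extra; adding
// the portal certificate models "installed in the client's trusted store".
func CheckPortalCert(cert *x509.Certificate, fqdn string, now time.Time, roots *x509.CertPool) CertCheck {
	var res CertCheck
	// 1. Does the certificate cover the FQDN configured for the VPN portal?
	if err := cert.VerifyHostname(fqdn); err != nil {
		res.Problems = append(res.Problems, "hostname: "+err.Error())
	} else {
		res.HostnameMatches = true
	}
	// 2. Is it valid at this moment (not expired, not yet valid)?
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		res.Problems = append(res.Problems, fmt.Sprintf("validity: %s is outside %s .. %s",
			now.Format(time.RFC3339), cert.NotBefore.Format(time.RFC3339), cert.NotAfter.Format(time.RFC3339)))
	} else {
		res.InValidityWindow = true
	}
	// 3. Does it chain to a trusted root? The time is pinned inside the
	// certificate's own window so an expiry is reported once (check 2) and
	// does not mask the trust result.
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: cert.NotBefore.Add(time.Second)})
	var unknownCA x509.UnknownAuthorityError
	switch {
	case err == nil:
		res.ChainTrusted = true
	case errors.As(err, &unknownCA):
		res.Problems = append(res.Problems, "trust: issuer not in the client's trusted store (self-signed or private CA)")
	default:
		res.Problems = append(res.Problems, "trust: "+err.Error())
	}
	return res
}

// Scenarios runs the failure modes from the answer against constructed
// certificates for the hypothetical portal FQDN vpn.example.com.
func Scenarios() (map[string]CertCheck, error) {
	const fqdn = "vpn.example.com" // hypothetical; substitute the real portal FQDN
	now := time.Now()
	good, err := NewPortalCert([]string{fqdn}, now.Add(-time.Hour), now.Add(24*time.Hour))
	if err != nil {
		return nil, err
	}
	expired, err := NewPortalCert([]string{fqdn}, now.Add(-48*time.Hour), now.Add(-24*time.Hour))
	if err != nil {
		return nil, err
	}
	nothing, trustGood, trustExpired := x509.NewCertPool(), x509.NewCertPool(), x509.NewCertPool()
	trustGood.AddCert(good)
	trustExpired.AddCert(expired)
	return map[string]CertCheck{
		"self-signed, not installed on client": CheckPortalCert(good, fqdn, now, nothing),
		"self-signed, installed on client":     CheckPortalCert(good, fqdn, now, trustGood),
		"FQDN mismatch":                        CheckPortalCert(good, "sslvpn.example.com", now, trustGood),
		"expired":                              CheckPortalCert(expired, fqdn, now, trustExpired),
	}, nil
}

func main() {
	results, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for name, r := range results {
		fmt.Printf("%-40s ok=%-5v %v\n", name, r.OK(), r.Problems)
	}
}
```

Against a live portal the same checks apply to the certificate returned by a TLS handshake to the FQDN on the SSL-VPN port, with the client's real root store in place of the constructed pool; the point of running them separately is that a single "certificate error" in the client usually hides which of the three conditions failed.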