AAD application proxy: access from external issue
Yeah, that makes sense as it's using internal DNS to resolve the app and just using SAML.
What happens if you remove the custom domain for the app proxy address and use one of Microsoft's app proxy addresses? In the Entra portal, is the agent showing as online?
I cannot change the custom domain to an msappproxy.net domain; I have to create another application.
I will test.
Yes, the proxy agent is online.
- ARAIMBAULT, Oct 01, 2024, Copper Contributor
OK, it works now.
I've got a FortiGate; with a web filter or other security profile it does not work. I had to open Internet services, like this:
Thanks for the help.
- ARAIMBAULT, Sep 30, 2024, Copper Contributor
I have tested; it is a firewall issue.
A web filter issue, to be precise.
I followed this page, but it misses some websites: https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-configure-connectors
Have you got the new prerequisites?
Thanks.
- ARAIMBAULT, Sep 30, 2024, Copper Contributor
Sorry, I have rechecked and I can see this error.
- ARAIMBAULT, Sep 30, 2024, Copper Contributor
I have tested with DNS resolution for the external URL; timeout too.
There is no error message in the agent log.
It seems that MS Entra can't connect to the agent, even when the agent can connect to MS Entra.
- ARAIMBAULT, Sep 30, 2024, Copper Contributor
Hello,
My firewall has an IP, suppose 10.11.12.13. This is the connector external IP, BUT port 443 is redirected to the VPN SSL web page. Could that be an explanation?
- Jamesscarr, Sep 30, 2024, Copper Contributor
That makes sense; it seems like your app needs that external DNS name. It might be worth checking your internal DNS record to see what the target destination is. If it is different from what you set in Entra, it might be worth changing the one in Entra to match the on-prem one. It might be worth changing the timeout in the Entra ID app to the long timeout.
Also, have you checked the event logs on your server hosting the agent?
- ARAIMBAULT, Sep 30, 2024, Copper Contributor
I have tested with an msappproxy.net domain.
I get error AADSTS50011, and if I update the application registration, I get a timeout.
So, it's the same.