802.1x RADIUS token to bind user firewall policys

Forum|Forum|10 months ago
August 8, 2025
2 replies
393 views

Hello. In my lab environment I am trying to setup 802.1x with dynamic vlan assignment which I have successfully configured. However I would like to build out on this even more and try to make fw policys based on the user, so is it possible to use the same "token" that I use to authenticate the user with 802.1x to create firewall policys with this instead of prompting the user to authenticate again to recieve their firewall policys? Any suggestions? Is it even possible?

FortiGate

ebilcari

Staff

This can be achieved by configuring RSSO, Configuring RADIUS SSO authentication.

Emirjon

AEK

SuperUser

Hello

As far as I know, FGT can't know the user from RADIUS request/response. However, in case you don't already have NAC or ZTNA solutions (that can help with group tags), then you may achieve what you are looking for with RSSO, since FGT can read RADIUS accounting messages.

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/85730/radius-single-sign-on-rsso-agent

Hope it helps.

AEK

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded