MohamedFawzi
Explorer
November 12, 2023
Solved

Fortiauth and Fortigate Specify groups


Hi everyone,

I need someone to see what I am doing wrong.

I have a Fortiauth as a RADIUS server, and the Fortigate is a RADIUS client.

I have many groups in the Fortiauth.

When I create a group in the Fortigate using the remote server Fortiauth, there are two options (any, specify).

When using any, everything works fine and good, but I want to specify certain groups for the policy.

When I choose specify, it gives me an empty tab to write a group with no choices. I've written one of the groups manually, but when I try it gives me access denied from the SSL portal.

Can anyone help me with that?

Thanks


1 reply

ebilcari
Staff
Answer
November 12, 2023

For this to work you have to specify the group name as a RADIUS attribute in the FAC at the user/group level. Then FGT will match only the RADIUS responses that include the same Group Name (case sensitive).


Emirjon
MohamedFawzi
Explorer
November 12, 2023

Thanks, it worked.

But is there any easier way? I mean, every time I want to make a group, I need to add it manually and case-sensitively. Shouldn't the Fortigate pull these?

ebilcari
Staff
November 13, 2023

I'm glad it worked for your setup.

These groups are communicated through RADIUS VSAs during authentication; there is no way to prepopulate these groups through RADIUS before the authentication happens. If you want a passive authentication method to use in firewall policies, you can also explore FSSO and RSSO.

Emirjon