Sync rsso users between 2 Fortigate clusters

Question

Hello,

I've got 2 Fortigate 600E clusters on which my students will go to the internet.

The students will be authenticated by a Windows NPS server. In the connection request policy I've created a "Radius server group" to forward the accounting packages. The NPS server seems to be loadbalancing the accounting packages instead of sending the accounting packages to both clusters. When this happened the RssO users are logged on the wrong Fortigate cluster.

So I'm looking for a way to sync the RssO users between the cluster. I haven't seen a way to do is and I suspect it is not possible with Fortigate... Anyone have any experience with this issue?

Thanks!

Ivo

xsilver_FTNT · Answer

Both FSSO Collectors, standalone (free of charge), or the one in FortiAuthenticator (paid), can process RADIUS Accounting packets to create SSO users, which then can be distributed according to Group Filters to connected FortiGate(s).

Therefore, if you are not able to fix NPS to send RADIUS Accounting in parallel to both FortiGates and do RSSO on them, then you can set up at least free standalone Collector on any DC (preferred, but any Domain member MSFT server class OS is fine) and collect+process RSSO there and distribute it to connected FortiGates.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded