FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n, 802.11AX , and the demand for plug and play deployment.
msingh_FTNT
Staff
Staff
Article Id 191223
Description
When the user is connected to LAN and is successfully authenticated by Active Directory, DC’s security event log can be polled for logon events and this information is sent to FortiGate to record the IP address, Username and  Group  information  associated  to that  event.  Users  may  have  a  static  IP  or  may  have  DHCP  server assigning the IP address.

If this is a laptop, for example, most of the times authentication request are made using  the  Ethernet  interface  (default  setting). 
What  happens  when  the  user  is  disconnected  from  wired connection? FortiGate does not know the IP address of the wireless interface on this laptop and now the user is  no  longer  authenticated  to  the  firewall.

 User  may  have  to  sign  out  and  sign  back  in  to  make  the authentication request via wireless IP.
This  is  where  RSSO  comes  into  picture.

RSSO  uses  the  wireless  authentication(802.1x)  request  from  the Radius server authenticating that request via Radius Accounting.
We will discuss more about this in a bit. 

Typically, RSSO is solution when third party AP is used but that does not restrict the administrator from using this solution with FortiAP.


Solution
The authentication flow and setup are described in the attached document.

Contributors