FortiEdgeCloud
Hosted cloud-based management platform for the Fortinet Secure LAN Edge (FortiSwitch and FortiAP), and FortiExtender 5G/LTE Gateways
acuetocasas
Staff
Article Id 406175
Description

This article describes why Cisco ISE integration with FortiEdge Cloud is not possible. 

Cisco Identity Services Engine (ISE) is a network access control (NAC) platform that uses protocols such as RADIUS to authenticate and authorize devices based on attributes such as the client’s MAC address. When attempting to implement MAC Authentication Bypass (MAB) or IEEE 802.1X authentication with FortiEdge Cloud, this integration is not currently possible due to architectural and protocol-handling limitations.

Scope

FortiEdge Cloud, Cisco ISE, FortiAP.
Solution

Integration of FortiEdge Cloud with Cisco ISE is not supported.

 

Technical Reason:
Cisco ISE needs to receive RADIUS authentication requests directly from the network access device (NAD) that handles client access, ideally with the following elements:

  • Client MAC address.
  • Physical port identifiers (for switches) or BSSID (for APs).
  • Ability to send standardized or custom RADIUS attributes.
  • Support for 802.1X or MAB.


However, FortiEdge Cloud:

  • Is a remote management platform that does not directly manage the access control plane, which resides in the FortiSwitch or FortiAP.
  • Does not support MAC-based authentication (MAC-auth) or 802.1X directly from the cloud.
  • Does not have the ability to act as a Network Access Device (NAD) in an access control architecture with Cisco ISE.
  • Does not expose RADIUS configurations or mechanisms to send the client MAC address to an external server.

For these reasons, Cisco ISE cannot receive valid requests from a network managed by FortiEdge Cloud, nor perform policy-based actions (ANC, group authorizations, etc.).
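
As an added illustration (not part of the original article, and not Fortinet or Cisco code), the following Python parses a RADIUS Access-Request and reports whether it carries the elements listed under Technical Reason. Attribute numbers are from RFC 2865, RFC 2869 and RFC 3579; the function names and the sample packet are constructed for this example.

```python
import struct

# RADIUS attribute types (RFC 2865, RFC 2869, RFC 3579)
ATTR = {1: "User-Name", 4: "NAS-IP-Address", 5: "NAS-Port", 30: "Called-Station-Id",
        31: "Calling-Station-Id", 32: "NAS-Identifier", 79: "EAP-Message", 87: "NAS-Port-Id"}
ACCESS_REQUEST = 1


def parse_access_request(packet: bytes) -> dict:
    """Return {attribute name: [raw values]} for a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST:
        raise ValueError(f"not an Access-Request (code {code})")
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the datagram")
    attrs, pos = {}, 20  # skip code, id, length and the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(ATTR.get(a_type, f"type-{a_type}"), []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def nac_readiness(packet: bytes) -> dict:
    """Map the parsed attributes onto the elements a NAC server needs from the NAD."""
    a = parse_access_request(packet)
    return {
        "client_mac": a["Calling-Station-Id"][0].decode() if "Calling-Station-Id" in a else None,
        "nad_identity": "NAS-IP-Address" in a or "NAS-Identifier" in a,
        "port_or_bssid": any(k in a for k in ("NAS-Port", "NAS-Port-Id", "Called-Station-Id")),
        "dot1x": "EAP-Message" in a,  # 802.1X requests carry EAP-Message (RFC 3579)
    }


def build_request(attrs: list) -> bytes:
    """Constructed sample builder: zeroed authenticator, not a captured packet."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(body)) + bytes(16) + body


# Constructed MAC-auth style request from a hypothetical AP (documentation addresses).
SAMPLE = build_request([(1, b"00005e005301"), (4, bytes([192, 0, 2, 10])),
                        (30, b"00-00-5E-00-53-AF:corp"), (31, b"00-00-5E-00-53-01")])
```

Running `nac_readiness` over requests captured on the RADIUS server side shows which of these elements a given access device actually sends.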