FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Hawada1
Staff
Article Id 255138
Description This article describes how to configure FSSO tags via CLI in FortiOS 7.2.4 GA, so tags can be exchanged between FortiNAC and FortiGate.
Scope FortiNAC, FortiOS 7.2.4 GA, FortiGate.
Solution

Starting with FortiOS 7.2.4 GA, the FortiGate GUI no longer appears to offer an option to add FortiNAC under Security Fabric -> Fabric Connectors.

 

However, it is still possible to configure the FSSO tags via CLI:

 

- Define the FSSO entry via the CLI and set its type to fortinac.

- Set the FSSO setting 'group-poll-interval' to a value greater than 0.

- This triggers the tag exchange, and the tags then appear in the Users section of firewall policies.

 

config user fsso
    edit FNACLatest
        set type fortinac
        set server <FNAC-IP>
        set password <fsso-password>
        set group-poll-interval 1
    next
end
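
A check for the two CLI conditions listed above (type fortinac and 'group-poll-interval' greater than 0), run against a saved configuration backup. This is an added example, not part of the original article or Fortinet code; the sample configuration, entry names, addresses and function names are constructed, and a missing 'group-poll-interval' is assumed to mean 0.

```python
# Constructed sample of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = '''\
config user fsso
    edit "FNACLatest"
        set type fortinac
        set server "192.0.2.10"
        set group-poll-interval 1
    next
    edit "FNACNoPoll"
        set type fortinac
        set server "192.0.2.11"
    next
    edit "DC-Agent"
        set server "192.0.2.20"
    next
end
'''

def parse_fsso_entries(config_text):
    """Return {entry_name: {setting: value}} for the 'config user fsso' table."""
    entries, current, in_table = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user fsso":
            in_table = True
        elif not in_table:
            continue
        elif line.startswith("edit "):
            current = entries.setdefault(line[5:].strip().strip('"'), {})
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
        elif line == "next":
            current = None
        elif line == "end":
            in_table, current = False, None
    return entries

def fortinac_without_polling(config_text):
    """Names of type-fortinac entries whose group-poll-interval is missing or 0."""
    # Assumption: an absent group-poll-interval means 0 (no tag polling).
    return sorted(
        name for name, s in parse_fsso_entries(config_text).items()
        if s.get("type") == "fortinac" and int(s.get("group-poll-interval", 0)) <= 0
    )

if __name__ == "__main__":
    print(fortinac_without_polling(SAMPLE_CONFIG))
```

Entries the function returns are FortiNAC connectors that will not trigger the tag exchange described in this article.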

 

After configuring FSSO via CLI, enable the debugs below to see the tags being exchanged between FortiGate and FortiNAC:

diag debug app authd -1
diag debug console timestamp enable
diag debug enable

 

The following output should be displayed. It shows that FortiNAC has exchanged the tags with FortiGate (for illustration, only some of the exchanged tags are shown).

 

tags1.png

 
 
 

Under Policy & Objects -> Firewall Policy, create a new policy.

 

tags.PNG