I have x2 FSSO collector agents installed on 2 DCs (for redundancy) that monitor 5 DCs via DC Agent. This works well and LAN users show up on the FortiGate nicely.
To get Wi-Fi devices/users identified on the FortiGate and usernames associated with devices, I have done the following:
1. On my UniFi AP I have pointed RADIUS Accounting directly to the firewall with a new PSK
2. On the FortiGate I have set up an RSSO Agent in Single Sign-on. I have added the same PSK to this
3. I set rsso-endpoint-attribute User-Name on the FortiGate
This works nicely as well. My question is how do I get groups working with this? For example, I have multiple AD groups for web filtering. Examples are: proxy_allowall, proxy_allow media, proxy_standard etc. A user can only be a member of 1 group. I want to be able to use these groups to match against web filtering policies. How can I associate RSSO groups with NPS? I get I need to add the class attribute to NPS, but how do I handle multiple groups?
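For reference, an added example that is not part of the original post and is not Fortinet or NPS code: a Python sketch of what an accounting receiver sees in the setup above. It checks the RFC 2866 Request Authenticator against the shared secret, then reads User-Name (type 1) and every Class (type 25) attribute. The secret, username and packet are constructed, and it assumes the Class value was configured as a plain-text group name.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST, USER_NAME, CLASS, ACCT_STATUS_TYPE = 4, 1, 25, 40

def build_accounting_request(secret, ident, attrs):
    """Build a constructed Accounting-Request (stands in for the AP)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    # RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body

def parse_accounting_request(packet, secret):
    """Validate the authenticator, then return (user, [class values])."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    body = packet[20:length]
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("authenticator mismatch (shared secret differs?)")
    user, classes, pos = None, [], 0
    while pos < len(body):
        attr_type, attr_len = body[pos], body[pos + 1] if pos + 1 < len(body) else 0
        if attr_len < 2 or pos + attr_len > len(body):
            raise ValueError("malformed attribute")
        value = body[pos + 2:pos + attr_len]
        if attr_type == USER_NAME:
            user = value.decode("utf-8", "replace")
        elif attr_type == CLASS:
            # Class is opaque octets; text decoding is this example's assumption
            classes.append(value.decode("utf-8", "replace"))
        pos += attr_len
    return user, classes

# Constructed sample values, not taken from any real deployment
SECRET = b"example-psk"
SAMPLE = build_accounting_request(SECRET, 7, [
    (USER_NAME, b"jsmith"),
    (ACCT_STATUS_TYPE, struct.pack("!I", 1)),  # 1 = Start
    (CLASS, b"proxy_standard"),
])

if __name__ == "__main__":
    print(parse_accounting_request(SAMPLE, SECRET))
```

A packet may carry more than one Class attribute, which is why the parser returns a list rather than a single value.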