Hello Everyone,

I want that when a computer connects to the specific port on a FortiSwitch, which I defined as a VLAN access port, the computer will open something like a captive portal \ Windows authentication window, and the user can type and authenticate with a local FortiGate user.

I bought a new FortiSwitch 124D-POE and connected it to the FortiGate successfully. Under the FortiGate interface I created VLAN ID 200 and assigned it to port1 on the FortiSwitch. In the VLAN 200 interface, under Admission Control, I changed the security mode to 802.1x and assigned a user group.

I had success working with 802.1x security ports, which opened a captive portal for me, and it was working great: access was granted only after I entered the username and password.

After I upgraded the FortiGate device from 5.4.9 to 5.6.5 it stopped working; I am not getting the authentication window. Many things changed, for example FortiSwitch now has a security policies category, and under the VLAN interface settings -> Admission Control -> Security Mode I no longer have 802.1x.

I tried to go through all the articles for 5.6, but everyone says that a RADIUS\LDAP server with a CA certificate is required, and it worked just fine with local users and groups in OS 5.4. If it works in version 5.4, I do not see a reason why it will not work in version 5.6.

The network diagram is as follows:

FortiGate 80E
------------------------------------
Port10 = A single physical port === Dedicated to FortiSwitch
VLAN 200 = Sub-Interface under port 10 ==== 172.20.120.10/24 with DHCP Server
------------------------------------
FortiSwitch 124D-PoE
------------------------------------
Port24 = Used as FortiLink
Port1 = Access Port VLAN 200

FortiSwitch port 24 <=connectedto=> FortiGate port 10
FortiSwitch port 1 <=connectedto=> Testing PC

P.S. It would work just like in the following video from Fortinet, "Managing FortiSwitch from a FortiGate": https://www.youtube.com/watch?v=Psr3ukCAR5k

Questions:

1. Is it possible to have this work on FortiOS 5.6 exactly like it worked for me on FortiOS 5.4?
2. I would like to have all the needed commands to get this to work, if possible.
3. I would like to know if I can do this in another way without a RADIUS or LDAP server.