With AnyConnect it is possible to authenticate to RADIUS and let NPS handle which group-policy/tunnel-group the user should receive based on their rights in NPS. Is this possible with Fortigate SSL-VPN and is there anything special needed to configure this besides the NPS itself?
I can't seem to find any documentation about this type of implementation.
Hello,
It is possible to pair users to a specific user group defined on FortiGate.
This pairing is for authentication done strictly through the Fortinet-Group-Name VSA (vendor specific attribute) AVP (additional value pair).
Using anything else, like the Class AVP, is not possible for active authentications.
For more details about RADIUS Group Match, as the feature is usually called on FortiOS/FortiGate, kindly refer to this KB:
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
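As an added example (not part of the posts above and not Fortinet's code), the following parser checks whether a RADIUS Access-Accept actually carries a Fortinet-Group-Name VSA or only a Class attribute, which is the distinction the answer draws. It assumes the public Fortinet RADIUS dictionary values (vendor ID 12356, Fortinet-Group-Name as vendor attribute 1); the group name `VPN-Admins` and both sample packets are constructed.

```python
import struct

FORTINET_VENDOR_ID = 12356   # assumption: Fortinet's enterprise number (public dictionary)
FORTINET_GROUP_NAME = 1      # assumption: Fortinet-Group-Name vendor attribute type
ATTR_CLASS, ATTR_VENDOR_SPECIFIC, ACCESS_ACCEPT = 25, 26, 2

def attr(type_, value):
    """Encode one type-length-value attribute (length covers the 2-byte header)."""
    return bytes([type_, len(value) + 2]) + value

def fortinet_group_vsa(name):
    sub = attr(FORTINET_GROUP_NAME, name.encode())
    return attr(ATTR_VENDOR_SPECIFIC, struct.pack("!I", FORTINET_VENDOR_ID) + sub)

def build_accept(attrs, ident=1):
    body = b"".join(attrs)
    return struct.pack("!BBH16s", ACCESS_ACCEPT, ident, 20 + len(body), bytes(16)) + body

def group_attributes(packet):
    """Return (fortinet_groups, class_values) found in a RADIUS Access-Accept."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    groups, classes, pos = [], [], 20
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + a_len]
        if a_type == ATTR_CLASS:
            classes.append(value)
        elif a_type == ATTR_VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            sub = value[4:]
            while vendor == FORTINET_VENDOR_ID and len(sub) >= 2:
                s_type, s_len = sub[0], sub[1]
                if s_len < 2 or s_len > len(sub):
                    raise ValueError("bad sub-attribute length")
                if s_type == FORTINET_GROUP_NAME:
                    groups.append(sub[2:s_len].decode("utf-8", "replace"))
                sub = sub[s_len:]
        pos += a_len
    return groups, classes

# Constructed sample packets (zeroed authenticator, not captured traffic)
WITH_VSA = build_accept([attr(ATTR_CLASS, b"VPN-Admins"), fortinet_group_vsa("VPN-Admins")])
CLASS_ONLY = build_accept([attr(ATTR_CLASS, b"VPN-Admins")])
```

Running `group_attributes` over the Access-Accept bytes from a packet capture of the NPS reply shows whether the network policy is returning the VSA at all before troubleshooting the FortiGate side.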
Thank you. Another good link I found for matching the group is below.
Technical Tip: How to define group based authoriza... - Fortinet Community
Yes, good one as well, more oriented to NPS, while mine was more on how FGT handles that and what is expected in the RADIUS Access-Accept to make it work.
Both are good sources.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff