wasfi
New Contributor

Can a different RADIUS Service client be defined by its hostname?

Hi;

Can a different RADIUS Service client be defined uniquely by its hostname? Even if the IP address is the same?

For example, a.abc.com defines RADIUS service client1, which requests single-factor password authentication only.

b.abc.com defines RADIUS service client2, which requests two-factor authentication.

However, both a.abc.com and b.abc.com share the same IP address?

Kindly

Wasfi

1 Solution
xsilver_FTNT
Staff

Hi Wasfi,

As your NAS/client is going to come to FAC from the same IP, and there is a restriction that a RADIUS Client defined by a single IP has to be unique, I would suggest utilizing RADIUS Client Profiles.

This is because one client can have multiple different profiles, and each profile has its own definition of whether it requires/enforces 2FA.

Have a look at the profile and pay attention to "Apply this profile based on RADIUS attributes".

If your a.abc.com client can send some AVP which is unique to this service, then you can use it to differentiate between such services/clients, regardless of whether they are coming through a single IP (applies to NATed as well).

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
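
Added example (not part of the original posts and not FortiAuthenticator code): a small Python model of the attribute-based profile selection described in the answer above, where two services behind one source IP are told apart by an AVP in the Access-Request. The choice of NAS-Identifier (RFC 2865 type 32) as the distinguishing AVP, the profile names, and the 2FA-enforcing default for unmatched requests are assumptions for illustration.

```python
import struct

NAS_IDENTIFIER = 32  # RFC 2865 attribute type (assumed distinguishing AVP)

def build_access_request(identifier, avps):
    """Build a constructed Access-Request (code 1) carrying the given AVPs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in avps)
    header = struct.pack("!BBH", 1, identifier, 20 + len(body))
    return header + bytes(16) + body  # all-zero authenticator, sample data only

def parse_avps(packet):
    """Return [(type, value)] from a RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("short packet")
    _, _, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    avps, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        avps.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return avps

# Hypothetical profiles for ONE client IP: (name, AVP type, value, enforce 2FA)
PROFILES = [
    ("service-a", NAS_IDENTIFIER, b"a.abc.com", False),
    ("service-b", NAS_IDENTIFIER, b"b.abc.com", True),
]
# Assumption: a request matching no profile falls through to 2FA.
DEFAULT_PROFILE = ("default", None, None, True)

def select_profile(packet):
    """Pick the first profile whose AVP condition matches, else the default."""
    avps = parse_avps(packet)
    for profile in PROFILES:
        _, a_type, expected, _ = profile
        if (a_type, expected) in avps:
            return profile
    return DEFAULT_PROFILE
```

The matched attribute is whatever the client places in the request, which is why the assumed default in this model enforces 2FA when nothing matches.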


wasfi

Thank you xsilver.
