Hi;
Can a different RADIUS Service client be defined uniquely by its hostname? Even if the IP address is the same?
For example a.abc.com defines radius service client1 which requests a single factor password authentication only
b.abc.com defines radius service client2 which requests a two factor authentication
However, both a.abc.com and b.abc.com share the same IP address?
Kindly
Wasfi
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Wasfi,
as your NAS/client is going to come to FAC from same IP and there is restriction that RADIUS Client defined by single IP has to be unique, then I would suggest to utilize RADIUS Client Profiles.
Because one client can have multiple different profiles and each profile has its own definition if it requires/enforces 2FA.
Have a look into profile and pay attention to "Apply this profile based on RADIUS attributes.".
If your a.abc.com client can send some AVP which is unique to this service, then you can use to differentiate between such services/clients regardless they are coming through single IP (applies to NATed as well).
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Hi Wasfi,
as your NAS/client is going to come to FAC from same IP and there is restriction that RADIUS Client defined by single IP has to be unique, then I would suggest to utilize RADIUS Client Profiles.
Because one client can have multiple different profiles and each profile has its own definition if it requires/enforces 2FA.
Have a look into profile and pay attention to "Apply this profile based on RADIUS attributes.".
If your a.abc.com client can send some AVP which is unique to this service, then you can use to differentiate between such services/clients regardless they are coming through single IP (applies to NATed as well).
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Thank you xsilver.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1518 | |
1018 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.