Hi guys,
I have a really complex network which combines many different components and have to get it run for dot1x WiFi users authenticated via Cisco ISE which checks AD BUT at the same time the FSSO collector needs to grap that info so it can include the WiFi AD user in the fsso list. Cisco uses security group tags which are being send to Fortimanager via pxGrid but fortigate then has to apply new policies for that group. Instead of that if the above scenario works then the wifi user will fall into the existing policies using the AD groups from FSSO. I saw a workaround by sending radius accounting to fsso collector after enabling that feature.
I got the AP cisco meraki to send radius accounting not only to Cisco ISE but also to the server (AD) where the collector is installed. But do not see anything of the collector it self.
First of all, is the above scenario doable and if so is it a way to dig into fsso collector and see logs for radius accounting? Where i am supposed to see the user mapped with the IP show came via the radius accounting.
Cheers
Hello Nick,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello Nick,
I can see that you get the answer on this forum:
Could you confirm it helped you? If not, we will continue to look for it.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.