Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nick_Mavrou
New Contributor

Cisco Meraki / Cisco ISE and Fortigates with FSSO collector on AD

Hi guys,

 

I have a really complex network which combines many different components and have to get it run for dot1x WiFi users authenticated via Cisco ISE which checks AD BUT at the same time the FSSO collector needs to grap that info so it can include the WiFi AD user in the fsso list. Cisco uses security group tags which are being send to Fortimanager via pxGrid but fortigate then has to apply new policies for that group. Instead of that if the above scenario works then the wifi user will fall into the existing policies using the AD groups from FSSO. I saw a workaround by sending radius accounting to fsso collector after enabling that feature.

 

I got the AP cisco meraki to send radius accounting not only to Cisco ISE but also to the server (AD) where the collector is installed. But do not see anything of the collector it self. 

 

First of all, is the above scenario doable and if so is it a way to dig into fsso collector and see logs for radius accounting? Where i am supposed to see the user mapped with the IP show came via the radius accounting.

 

Cheers  

2 REPLIES 2
Anthony_E
Community Manager
Community Manager

Hello Nick,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello Nick,

 

I can see that you get the answer on this forum:

 

https://community.cisco.com/t5/network-access-control/cisco-ise-radius-account-directly-to-fsso-coll...

 

Could you confirm it helped you? If not, we will continue to look for it.

 

Regards,

Anthony-Fortinet Community Team.
Labels
Top Kudoed Authors