- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Differentiating Cisco client types
I would like to have a different policy for IPSec clients versus AnyConnect SSLVPN clients. Cisco has a VSA for this (see here) but I'm having trouble figuring out how to bring that into the FortiAuthenticator. I go to Authentication -> RADIUS Services -> Clients, I choose my client and select "Apply this profile based on RADIUS attributes." However, I need Vendor ID 3076 with type 150. Since I don't see it there, I guess I would need to add a custom one. Unfortunately, custom is not one of the options.
Is there a way to add your own vendor ID with vendor attribute? I see there is an option for "Vendor-Specific" with a value to put in. Is there a way to format that such that it translates to 3076,150,2 (VendorID,AttributeID,Client-Type)?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, It seems to me that you would like to differentiate and apply different profiles for a single RADIUS Client, via option "Apply this profile based on RADIUS attributes." and specific profiles distinguished by Cisco/Client-Type AVP.
I do not found it in between supported Cisco AVPs on FortiAuthenticator 4.1.1 build 0081.
Therefore I would suggest to use another AVP if possible.
Kind regards, Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
