FAC 3.3 - IP Subnet as client in Radius Service
Hi,
does anybody know if it's possible to configure an IP Subnet instead of a single IP or FQDN for a Client in Radius Service?
For example, in Freeradius you can define:
client 192.168.1.0/24 {
    secret = VERYSECRETSTRING
}
or
client private-network-1 {
    ipaddr = 192.168.1.0
    netmask = 24
    secret = VERYSECRETSTRING
    shortname = private-network-1
}
Thank you.
Regards.
Jorge.
This is not currently supported, each RADIUS client IP must be specified.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
I don't think so. To answer where you might be going with this, you can import numerous predefined radius_clients in the authenticator from a CSV file. This will help if you have bulk clients to include.
I believe each client has to be uniquely defined, hence why you can't do the wildcard. Not sure if anything changed in 3.3 but might want to pull the release notes down and review.
PCNSE
NSE
StrongSwan
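The CSV-import workaround suggested above, as an added example that is not part of the original thread and not Fortinet code: it expands a subnet into one client row per host address and, unless a shared secret is passed, gives every client its own random secret. The column layout (name, IP, secret), the `sw` name prefix and the function names are assumptions; match the columns to the import format documented for your FortiAuthenticator version.

```python
import csv
import io
import ipaddress
import secrets

# Assumed column layout (name, IP, secret); not taken from the thread.
# Match it to the import format your FortiAuthenticator version documents.
COLUMNS = ("name", "client_ip", "secret")


def expand_clients(cidr, prefix="sw", shared_secret=None, exclude=()):
    """Return one (name, ip, secret) row per usable host address in `cidr`.

    shared_secret=None gives each client its own random secret, so a
    leaked secret exposes one device instead of the whole range.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.num_addresses > 4096:
        raise ValueError(f"{cidr} expands to {net.num_addresses} clients")
    skip = {ipaddress.ip_address(a) for a in exclude}
    rows = []
    for host in net.hosts():  # omits network/broadcast on /30 and larger
        if host in skip:
            continue
        name = f"{prefix}-{str(host).replace('.', '-').replace(':', '-')}"
        secret = shared_secret or secrets.token_urlsafe(24)
        rows.append((name, str(host), secret))
    return rows


def to_csv(rows, header=False):
    """Serialise rows to CSV text; the csv module quotes awkward secrets."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    if header:
        writer.writerow(COLUMNS)
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: the /24 from the question, gateway excluded.
    rows = expand_clients("192.168.1.0/24", exclude=["192.168.1.1"])
    print(to_csv(rows), end="")
```

The output contains every shared secret in clear text, so write it to a file with restricted permissions and delete it once the import and the switch configuration are done.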
Thank you guys for the answers.
Actually we are implementing it for a customer with 50+ switches (among other devices that use RADIUS) and it would have been very helpful, but we'll use CSV import.
Maybe I'll pass a NFR.
Regards.
Jorge.
Did you pull the FAC.3.3 or .1 release notes down? It was released a few days back iirc. I didn't recall any big new items or changes, just bug fixes, but maybe just maybe FTNT added it.
I've asked my SSE team for a bulk configuration tool a few months back, but I'm not holding my breath. If they get enough requests, then FTNT might take action.
PCNSE
NSE
StrongSwan
I have just read it and there's nothing relevant. I'll give it a try in a VM, just in case.... you never know....;-)
Ok, I'll talk to SE team here to +1 this, maybe someday.......
Ty.
Regards.
As per previous response this is not supported (even in the latest patch). Each NAS/Auth Client must be defined either by manual method or CSV import.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Thanks Carl
We had the same struggles and didn't find out about the CSV import till later on after we migrated. It would be nice if we had a simple bulk tool for adding multiple clients, ALL using the same shared radius-secret per client. If you're pushing more than 30+ clients, this would be helpful.
Ideally it would be nice to have a cfgmaker that takes the popular RAS cfg and rebuilds it for the FAC, but then most of the competition doesn't have that function either.
Just my suggestion.
PCNSE
NSE
StrongSwan