Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FSSO Auth for authenticated wifi 802.1x users



I configured Fortigate (Fortios 6.2) as an explicite proxy with FSSO authentication, everything work well for wired users with  domain devices.


Is there a way to use FSSO to athenticate also Corporate Wifi Users already authenticated with 802.1x with an aruba controller ?


Best regards


Yes, and usually is called RSSO.

All of 802.1x auth setups I saw relied on RADIUS authentication between end point and WLC (wireless controller) handling particular AP through which user connected. That WLC or RADIUS server can send RADIUS Accounting messages to FSSO Collector. Either to FAC (FortiAuthenticator), standalone FSSO Collector installed on DC, or FortiGate (FGT) handling RSSO/FSSO. Any of those 3 solutions then process RADIUS Accounting Start/Stop/Interim messages to create authenticated user either in FW (FGT) or as FSSO user record and distribute to connected FSSO clients/FortiGates (FAC/standalone Collector). Solution on FGT is slightly different as it is older then RADIUS to FSSO implemented in FAC/standalone Collector.

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff


Hello everyone! I am precisely in a case that is related to the integration of FSSO-Radius Accounting (NPS). So as soon as it is finished I leave you the feedback for future cases


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors