FortiClient with EMS Cloud and ClearPass for auth

CyberFortiConquer · ‎06-15-2024

Hi all,

Looking for some help deploying FortiClient with EMS using ClearPass for auth, rather than using AD/Azure directly.

ClearPass is already integrated with AD/InTune and has the required info, can we leverage this info to auth FortiClient VPN users? Anyone got a solution doc that can be shared?

Thanks.

ebilcari · ‎06-16-2024

As I know ClearPass can be configured as a RADIUS server. You can configure the FGT to authenticate VPN users via RADIUS as shown in this NPS example.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

CyberFortiConquer · ‎06-16-2024

Thanks, can we also apply posture info that the RADIUS server has onto the VPN client, if it knows about them?

ebilcari · ‎06-16-2024

So If I get it right you want to change the RADIUS responses based on posture checks of FCT? You can try to integrate FCT EMS as a MDM if ClearPass supports it.

You can also use CP for authentication only and use the FCT EMS tags directly in FGT to block or limit access for non compliant hosts like shown here or here.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

FortiClient with EMS Cloud and ClearPass for auth

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website