Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Oğulcan_Özügenç
New Contributor

FortiGate 601E SSL-VPN - Radius Auth. - FSSO

Hello all,

 

We use FortiGate 601E in our company. Before that we were using Check Point.

 

Our objective is to have users make VPN connection with Microsoft MFA Server. It is working in Check Point without a problem. After the user makes the VPN connection with MFA Server (Radius), we would like to have the users AD groups can be found with FSSO agent. But we don't see any groups at the user.

 

VPN -> Radius -> FSSO (to get the groups)

 

What do we do wrong?

 

When the user is in the local network, it shows the groups but when it connects from VPN, there are no groups.

 

In Check Point there is Identity Awareness blade and it shows the users AD groups and all.

 

We are trying to solve this problem for 3 months and we are stuck. Thanks in advance.

 

Regards

1 REPLY 1
lobstercreed
Valued Contributor

I am not aware of any way for this to be done with RADIUS users in VPN.  You *can* send a specific Firewall group back through RADIUS using the Fortinet VSA "Fortinet-Group-Name" and this could be based on AD group membership, but there isn't way to send more than one group that I know of.

Top Kudoed Authors