Hello all,
We use FortiGate 601E in our company. Before that we were using Check Point.
Our objective is to have users make VPN connection with Microsoft MFA Server. It is working in Check Point without a problem. After the user makes the VPN connection with MFA Server (Radius), we would like to have the users AD groups can be found with FSSO agent. But we don't see any groups at the user.
VPN -> Radius -> FSSO (to get the groups)
What do we do wrong?
When the user is in the local network, it shows the groups but when it connects from VPN, there are no groups.
In Check Point there is Identity Awareness blade and it shows the users AD groups and all.
We are trying to solve this problem for 3 months and we are stuck. Thanks in advance.
Regards
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I am not aware of any way for this to be done with RADIUS users in VPN. You *can* send a specific Firewall group back through RADIUS using the Fortinet VSA "Fortinet-Group-Name" and this could be based on AD group membership, but there isn't way to send more than one group that I know of.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1707 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.