I am using RADIUS server on my FG-200F to login into web gui. I create a test account and link it to radius profile. I give special admin profile, like creating VLAN, policies etc, to the test account.
The test account can be logged in into FG via RADIUS but its profile is shown as read_only after I login. I can't use the special admin profile with RADIUS, can't change anything on FG. Am I doing something wrong?
config system accprofile edit "test_profile" set secfabgrp read set ftviewgrp read set authgrp read-write set sysgrp read-write set netgrp custom set loggrp read-write set fwgrp custom set vpngrp read set utmgrp read-write set wifi read-write config netgrp-permission set cfg read set packet-capture read set route-cfg read end config fwgrp-permission set policy read-write set address read-write set service read-write set schedule read-write set others read-write end next end
----- this is the admin profile config system admin edit "test.radius" set remote-auth enable set accprofile "test_profile" set vdom "root" set wildcard enable set remote-group "hrgrp" set accprofile-override enable next end
For RADIUS, I am using Synology. For cisco switches and unifi, it works as expected
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.