Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
suportewispot
New Contributor

Created on ‎10-19-2022 12:24 PM

[FortiLAN Cloud] How to manipulate Session-timeout and Idle-Timeout by RADIUS Authentication

Hi Team,

 

  I'd like to know if it's possible manipulate the user's session by RADIUS Authencation using FortiLAN with FortiAP.

 

  Because once the user has authenticated through "My Captive Portal", the user's session is always handled by the two fields Captive Portal User Authentication Timeout and Client Idle Timeout in Configuration > Network.

 

suportewispot_0-1666204971136.png

 

      I don't know if fortinet understands the WISPr RADIUS attributes or do I need to use a specific dictionary.

 

Versions:

 FortiLAN  | v22.3_0323

 FortiAP - FAP221E | 7.2.1

 

Thank you in advance !!!!

 

Labels:
1479
0 Kudos
4 REPLIES 4
Jean-Philippe_P
Moderator
Moderator

Created on ‎10-25-2022 01:19 AM

Hello suportewispot!

 

Thanks for posting on the Fortinet Community Forum.

 

I will for assistance and get you documentation or help. We will contact you as soon as possible in this thread.

 

Kindest regards,

Jean-Philippe - Fortinet Community Team
1448
0 Kudos
vpatil
Staff
Staff

Created on ‎10-27-2022 08:11 AM

@suportewispot 

 

If the Captive Portal page is hosted on an External Authentication Server (RADIUS) then you could try using RADIUS Accounting to control user's session:

 

https://docs.fortinet.com/document/fortilan-cloud/22.3.0/fortilan-cloud-user-guide/28299/adding-a-ra...

 

vpatil_0-1666883294262.png

 

Currently, I could not find WISPr info in the FortiLAN Cloud docs.

 

vpatil
1427
0 Kudos
suportewispot
New Contributor

Created on ‎10-27-2022 08:31 AM

Hi @vpatil 

 

Thank you for the support.

 

The issue is that accounting is not being sent to our RADIUS, I've already opened a ticket about it.

 

But, for a vendor to understand these sessions manipulations, I need to know what attributes that vendor operates on

 

As you can see in Cisco Meraki, for example:

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Configuring_RADIUS_Au...

suportewispot_0-1666884533119.png

 

 

1424
0 Kudos
vpatil
Staff
Staff
In response to suportewispot

Created on ‎10-29-2022 07:43 AM

@suportewispot 

 

1. I'm assuming that you've already added the following FortiLAN Cloud servers in the allowed list as clients to access the RADIUS server:

  • Global server - 173.243.132.78
  • EU server - 154.52.10.243
  • JP server - 173.243.132.207

https://docs.fortinet.com/document/fortilan-cloud/22.3.0/fortilan-cloud-user-guide/28299/adding-a-ra...

 

2. Yes, a support ticket would be better to check further as to what RADIUS attributes the FortiLAN Cloud servers (RADIUS Client) support.

vpatil
1411
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.