Basically you can use it for base authentication only but that's not flexible. You can't filter by groups (it will allow all the groups), you can't return groups to FGT since there is no possibility to create the logical networks and use additional RADIUS Attributes based on LDAP groups. Maybe it will be included in future releases of FNAC.
16:39:15.370675 IP (tos 0x0, ttl 64, id 43632, offset 0, flags [none], proto UDP (17), length 48) 10.0.0.5.1812 > 10.0.0.1.18613: RADIUS, length: 20 Access-Accept (2), id: 0x07, Authenticator: c60da80578dac9444425d6257533feb0
The only way that FNAC controls VPN users is via SSO tags.
FortiAuthenticator can be useful in this case if no enforcement is needed.
- Emirjon If you have found a solution, please like and accept it to make it easily accessible for others.
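Added example, not part of the original thread: a small RADIUS (RFC 2865) parser run over the Access-Accept from the capture above. Its length of 20 bytes is exactly the RADIUS header, so the reply carries no attributes and therefore no group information for the FortiGate to match on. The group name `vpn-admins` and the second packet are constructed for contrast; 12356 is Fortinet's vendor ID and sub-type 1 is Fortinet-Group-Name.

```python
import struct

FORTINET_VENDOR_ID = 12356   # Fortinet's IANA enterprise number
FORTINET_GROUP_NAME = 1      # Fortinet-Group-Name VSA sub-type
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def parse_radius(pkt: bytes) -> dict:
    """Parse a RADIUS packet into header fields and a list of (type, value) attributes."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("bad Length field")
    attrs, off = [], 20
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = pkt[off], pkt[off + 1]
        if a_len < 2 or off + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, pkt[off + 2:off + a_len]))
        off += a_len
    return {"code": CODES.get(code, str(code)), "id": ident, "length": length,
            "authenticator": pkt[4:20].hex(), "attributes": attrs}

def fortinet_groups(parsed: dict) -> list:
    """Return Fortinet-Group-Name values found in Vendor-Specific (type 26) attributes."""
    groups = []
    for a_type, value in parsed["attributes"]:
        if a_type != 26 or len(value) < 6:
            continue
        vendor = struct.unpack("!I", value[:4])[0]
        sub = value[4:]
        while vendor == FORTINET_VENDOR_ID and len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            if sub[0] == FORTINET_GROUP_NAME:
                groups.append(sub[2:sub[1]].decode("utf-8", "replace"))
            sub = sub[sub[1]:]
    return groups

# The Access-Accept from the capture, rebuilt from its printed code, id, length and authenticator.
CAPTURED = bytes.fromhex("02070014" + "c60da80578dac9444425d6257533feb0")

def build_with_group(name: str) -> bytes:
    """Constructed contrast packet with one group VSA (authenticator is not recomputed)."""
    sub = bytes([FORTINET_GROUP_NAME, 2 + len(name)]) + name.encode()
    vsa = bytes([26, 6 + len(sub)]) + struct.pack("!I", FORTINET_VENDOR_ID) + sub
    return struct.pack("!BBH", 2, 7, 20 + len(vsa)) + CAPTURED[4:] + vsa

if __name__ == "__main__":
    for pkt in (CAPTURED, build_with_group("vpn-admins")):
        p = parse_radius(pkt)
        print(p["code"], "len", p["length"], "groups:", fortinet_groups(p))
```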