Hi everyone
i need someone to see what i am doing wrong
i have a fortiauth as a radius server , and the fortigate is a radius client.
i have many groups in the fortiauth.
when i create a group in hte fortigate using remote server fortiauth , there is two opitions (any, specify)
when using any everything works fine and good, but i want to specify certain groups for the policy
when i choose specify it gives me and emtpy tab to write a group with no choices , ive written one of the groups
manualy but when i try it gives me access deny from ssl portal
can anyone help me with that ?
thanks
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
For this to work you have to specify the group name as a RADIUS attribute in the FAC at the user/group level. Than FGT will match only the RADIUS responses that include the same Group Name (case sensitive)
For this to work you have to specify the group name as a RADIUS attribute in the FAC at the user/group level. Than FGT will match only the RADIUS responses that include the same Group Name (case sensitive)
Thanks ,, it worked
but is there any easier way , i mean every time i want to make a group , i need to add it manually with case-sensitive , shouldn't the fortigate pull these ?
I'm glad it worked for your setup.
These groups are communicated through RADIUS VSAs during authentication, there is no way to prepopulate these groups through RADIUS before the authentication happens. If you want a passive authentication method to use in firewall policies you can also explore FSSO and RSSO.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1633 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.