I have a new customer with multiple small networks of FortiGate 60F + FortiAP (5 to 10 in each network).
He wants to limit wifi users either by time connected, hours/days/weeks, and/or traffic consumed.
Traffic must include all apps/protocols not get html traffic.
Is there a Fortinet product that can do this?
If not, is their a 3rd party product thats will do the job?
Of course as always cheaper is better.
Thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello memm,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
For that you will need an external RADIUS server that will do Accounting. This functions are covered by FortiAuthenticator you can read more about this feature here: https://docs.fortinet.com/document/fortiauthenticator/6.4.6/administration-guide/738461/usage-profil...
We got a demo account for FortiAuthenticator to try out, seems to work quite well but we seem to have got stuck on the following:
When an account hits it's data usage limit during the defined 24 hour period how can it automatically reset when the 24 hours pass?
We basically want the data usage limit on the accounts to automatically reset each day.
Thank you.
I suppose that should be the behavior, reset after 24 hours. I haven't test it my self
We've opened a ticket with support but they seem equally baffled.
Hi,
I would normally go and purge disabled users. Your overused user should be disabled and can be purged when it is disabled. They have to sign up then again:
Best regards,
Markus
Thank you both for your replies.
We did briefly consider FortiAuthenticator.
How does the Fortigate communicate user time and data consumption info to FortiAuthenticator?
Thanks again.
Memnon.
The communication is done using RADIUS accounting messages. FGT need to be configured via CLI to send this messages to FAC, like:
config user radius
edit "FAC"
set server "fac.eb.eu"
set secret ENC *****
set nas-ip 10.0.10.1
set acct-interim-interval 600
set auth-type ms_chap_v2
config accounting-server
edit 1
set status enable
set server "fac.eb.eu"
set secret ENC ****
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.