Query concerning MFA to Microsoft on the Fortigates for management access. We have a working solution but we have a slight problem which I can't seem to resolve.
We have 2 user groups for access to the Fortigates - Access-Write & Access-Read.
I configure management access on the Fortigate, giving users access to make changes to the firewall if they are in Access-Write and Readonly access if in the Access-Read group.
This access is controlled by the Fortigate User Group Remote Group and Group name entry and the policies on the NPS server for this device group.
The issue I have is when I turn on the MFA piece the MFA fails when I have a User Group group name specified - only when I use all groups does it work. That's okay but I lose the ability to separate the Read and Write only grouping. I can move across a user between the Domain Read Only and Write Access group but they both have full write access.
How can I push a read-only and read/write policy from the NPS to the Fortigate so I can separate these users without specifying the user group configuration?
- that uses a FortiAuthenticator as RADIUS server example, but you can just as well use an NPS, simply make sure the required VSAs are included, and you have enabled the radius override setting in the wildcard admin entry.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
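An added example, not part of the original thread and not Fortinet's or Microsoft's code: a Python check that a captured RADIUS Access-Accept from the NPS actually carries the Fortinet VSAs the reply refers to. It assumes Fortinet's vendor ID 12356 with sub-attribute 1 as Fortinet-Group-Name and 6 as Fortinet-Access-Profile; the group and profile values in the sample packets are constructed.

```python
import struct

VENDOR_SPECIFIC = 26            # RADIUS attribute type for VSAs (RFC 2865)
FORTINET_VENDOR_ID = 12356      # Fortinet's IANA enterprise number
FORTINET_ATTRS = {1: "Fortinet-Group-Name", 6: "Fortinet-Access-Profile"}

def tlv(attr_type, value):
    """Encode one type/length/value attribute (length covers the 2-byte header)."""
    return bytes([attr_type, len(value) + 2]) + value

def walk(buf):
    """Yield (type, value) pairs from a run of TLVs, rejecting bad lengths."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2 or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def fortinet_vsas(packet):
    """Return {attribute name: value} for Fortinet VSAs in a raw RADIUS packet."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length field")
    found = {}
    for attr_type, value in walk(packet[20:]):   # skip header + authenticator
        if attr_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != FORTINET_VENDOR_ID:
            continue
        for sub_type, sub_value in walk(value[4:]):
            name = FORTINET_ATTRS.get(sub_type, "Fortinet-%d" % sub_type)
            found[name] = sub_value.decode("utf-8", "replace")
    return found

def access_accept(*attrs):
    """Build a constructed Access-Accept (code 2) with a zeroed authenticator."""
    body = b"".join(attrs)
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body

def fortinet_vsa(sub_type, text):
    """Wrap one Fortinet sub-attribute in a Vendor-Specific attribute."""
    inner = struct.pack("!I", FORTINET_VENDOR_ID) + tlv(sub_type, text.encode())
    return tlv(VENDOR_SPECIFIC, inner)

# Constructed samples; "Access-Read" and "fw_readonly" stand in for real names.
WITH_PROFILE = access_accept(fortinet_vsa(1, "Access-Read"), fortinet_vsa(6, "fw_readonly"))
WITHOUT_VSA = access_accept(tlv(18, b"ok"))      # only a Reply-Message

if __name__ == "__main__":
    for label, pkt in (("with VSAs", WITH_PROFILE), ("without VSAs", WITHOUT_VSA)):
        print(label, fortinet_vsas(pkt))
```

An empty result for an admin login means the NPS policy that matched did not attach the VSA, so the FortiGate has no profile name to apply through the override.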