jasonw
New Contributor

Fortinet authorization and Authentication via Cisco ACS

Hi,

Hopefully someone can assist with the setup. We currently have our firewall's authentication pointed back to a Cisco ACS server, but all the users in the specific group get full RW access; we have never managed to get the authorization part working.

On the Cisco ACS we have the following Shell Profiles created:

Profile 1 (Full)
    service      fortinet
    memberof     MSB_RW
    admin_prof   super_admin

Profile 2 (Read Only)
    service      fortinet
    memberof     MSB_RW
    admin_prof   read_only

On the Fortinet we have the following:

Admin profile created called "noaccess".
Remote Admin user created as remote with Wildcard enabled and assigned to the noaccess profile.

We are able to authenticate to the firewall, but no matter what we do we only ever get the default noaccess profile.

Anything I could be missing?

Regards,

Jason

Jeff_FTNT
Staff

From your description, it looks like you want to use the "config system admin / set accprofile-override enable" feature.

AFAIK, FortiGate only supports the RADIUS VSA for Fortinet:

ATTRIBUTE Fortinet-Access-Profile 6 string

Your Cisco ACS setting is for TACACS+, and it also has an error: "service=fortinet" should be "service=fortigate". Thanks.
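To make the reply concrete, here is an added FortiGate CLI example (an editor's addition, not code from the thread or from Fortinet) showing the poster's situation beside the corrected setup with accprofile-override enabled against a RADIUS server. The server name "acs-radius", group name "acs-admins", admin name "remote_admins", and the ACS_IP / RADIUS_SECRET values are assumed placeholders.

```fortios
# Added example, not from the thread. Placeholders: ACS_IP, RADIUS_SECRET.
# Weak setting (what the poster describes): every remote admin lands on
# "noaccess" because accprofile-override is off, so any profile the
# server returns is ignored.
config system admin
    edit "remote_admins"
        set remote-auth enable
        set remote-group "acs-admins"
        set wildcard enable
        set accprofile "noaccess"
        set accprofile-override disable
    next
end

# Corrected: a RADIUS server, a user group that uses it, and the same
# wildcard admin with override enabled so the server-supplied profile wins.
config user radius
    edit "acs-radius"
        set server "ACS_IP"
        set secret "RADIUS_SECRET"
    next
end
config user group
    edit "acs-admins"
        set member "acs-radius"
    next
end
config system admin
    edit "remote_admins"
        set remote-auth enable
        set remote-group "acs-admins"
        set wildcard enable
        set accprofile "noaccess"
        set accprofile-override enable
    next
end
```

For the override to take effect, the RADIUS server's Access-Accept must carry the Fortinet-Access-Profile VSA (attribute 6, string) with a value that exactly matches an admin profile configured on the FortiGate, such as "super_admin" or "read_only". If the attribute is absent, the admin still falls back to the "noaccess" profile, which is a safe default to keep.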