Hello!
I have a Fortigate with 7.2.4 and many clients that make a dialup VPN with the Forticlient. Authentication works via XAUTH Radius through a OneSpan (formerly Vasco) Authenticator appliance - works fine.
Now I have a new requirement that some of these users must be able to access a specific network resource. Can I define multiple, separate dialup tunnels, which I distinguish via XAUTH? Or how do you handle such scenarios?
Greetings from Switzerland!
martin
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Dear Martin,
Since you are using Radius, you should be able to specify Radius Remote Groups on FGT.
Then, could you test with adding Radius Group Name attributes to Radius response from Radius Server, and adjust firewall policy for group, who should get access.
But how can I work with multiple groups when XAUTH only allows me to specify one group that is allowed to use this dialup tunnel?
My bad, I mixed up with SSL VPN. I could see only one solution, as you explained.
couldn't you use the radius group in a policy too? There is options für litiming to users however I never used that with radius up to now (what could change hence we have a FortiAuthenticator now ;) )
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.