Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mhe
Contributor II

IPSEC Dialup with multiple Radius Groups

Hello!

 

I have a Fortigate with 7.2.4 and many clients that make a dialup VPN with the Forticlient. Authentication works via XAUTH Radius through a OneSpan (formerly Vasco) Authenticator appliance - works fine.

 

Now I have a new requirement that some of these users must be able to access a specific network resource. Can I define multiple, separate dialup tunnels, which I distinguish via XAUTH? Or how do you handle such scenarios?

 

Greetings from Switzerland!
martin

 

4 REPLIES 4
akanibek
Staff
Staff

Dear Martin,

Since you are using Radius, you should be able to specify Radius Remote Groups on FGT.

Then, could you test with adding Radius Group Name attributes to Radius response from Radius Server, and adjust firewall policy for group, who should get access.

Asset
mhe
Contributor II

But how can I work with multiple groups when XAUTH only allows me to specify one group that is allowed to use this dialup tunnel?

akanibek

My bad, I mixed up with SSL VPN. I could see only one solution, as you explained.

Asset
sw2090
SuperUser
SuperUser

couldn't you use the radius group in a policy too? There is options für litiming to users however I never used that with radius up to now (what could change hence we have a FortiAuthenticator now ;) )

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Labels
Top Kudoed Authors