We are wanting to add about 75 devices for RADIUS authentication to the FortiAuthenticator. I want to use password-only authentication, use a particular realm, and apply a group filter to that realm. I don't want to have to do those steps for each device I import. I can see two possibilities that would be better, but they would both require some changes to the programming of the FortiAuthenticator:
[ul]But I don't want to wait for some future version of code. Is it possible to do the things I want without having to tweak every single device that gets imported?
Thanks!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You are correct, what is being requested is not currently supported. CSV and API do not support setting to this level of granularity. Please continue as suggested and submit your feature requests through your Fortinet rep.
However......
>Instead of Client name/IP, you put in a subnet instead (e.g., 10.11.20.0/24).
This is already being considered for the 5.0 release.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
I too, have this question, as I may have to perform this for several hundred units. I have not been able to determine if the REST API will allow for this.
You can import for the clients, which might be what your looking for.
ken
PCNSE
NSE
StrongSwan
CSV only allows for name, IP/host, and optionally, the secret. The task is to avoid to still have to edit to set other things like authentication method and realm (with filtering)
...jim
Can't you script that? and map the device name and details in a CSV file & import the file.
ken
PCNSE
NSE
StrongSwan
So how do we do that? All the info I have seen shows that only the three fields I mentioned (name, IP/host, and optionally, the secret) are supported in the CSV.
...jim
What do you mean, "script that"? As I stated in my OP and jimsokol reiterated, the ONLY FIELDS that the CSV accepts are name, IP/host, and optionally, the secret. If you don't know or you're just making wild guesses, please don't keep commenting. Thanks.
Scripting means take the 75+ devices ( in your scenario ) and populate a CSV. It's not guessing it's what the rest of the world does that uses FortiAUthentication does.
If you don't know or you're just making wild guesses, please don't keep commenting. Thanks.
WTFM b4 you start calling things out or calling out person that's trying to point you in the right direction. It's very clear as to "HOWTO" and I believe you still have a cookbook that explain this also.
You populate the name, address etc... What your asking about "ip range" is not a doable solution, they give you the doable by crafting a CSV. Once again WTFM.
PCNSE
NSE
StrongSwan
No offense intended by me. My issue is not with writing a script to generate a CSV with the three fields in it for all of my units, it is with having to edit each client after the fact to set the auth method and realm with proper filtering. The doc for the REST API does not appear to list those items as configurable via that method either.
...jim
I give up. Continuing in this particular thread will accomplish nothing, so I'll go through our Fortinet rep and perhaps they can do one or more of the following to address the situation...
[ul]... in the next version of FortiAuthenticator code. Jim, I'll keep you posted if anything happens.
Cheers
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.