alexyamil
New Contributor

No Traffic - RSSO - UniFi AP + NPS (WServ 2016) + 100E

Hi, I recently got my RSSO auth configuration working on my UniFi AP via RADIUS + RADIUS accounting.

I followed an old cookbook for RSSO configuration on the FortiGate to do this.

 

But after all the configuration:

UNIFI:

- Set the IP of the RADIUS server (and accounting ports 1812 & 1813) on the UniFi AP controller.

- Set the RADIUS client on the NPS for the UniFi AP (the wireless AP that users will use).

- Select WPAEAP as the WiFi auth method.

 

 

NPS:

- Set the FortiGate as a remote RADIUS server so that the RADIUS requests on the NPS get forwarded to it.

- Set NPS Connection Request Policies with Class matching the RSSO group attribute, Framed-IP-Address of the NPS server.

- Set NPS Network Policies to accept wireless connections, RADIUS Standard: PPP Framed Protocol, Vendor Specific 12356.

 

Fortigate:

- Set the RSSO agent with the secret matching the NPS.

- Set the RSSO group matching the Class attribute on the NPS.

- Configured via CLI to get USER-NAMES.

 

 

But after all this I can see the user on the Firewall User Monitor, but no traffic.

 

I diagnosed the RSSO connection and can see the user logged on, the RSSO group and the IP of the user.

I'm also generating traffic with ping requests and web page access, and none of the traffic is getting on the FG.

I traced back the IP to verify the route and I can reach the IP.

 

I can't see what I'm missing!! 🙄

 

 Edit:

I removed the user group from the policy and traffic started flowing; it stopped again when I applied the user group again.
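
Added example, not part of the original post: a Python check of a RADIUS Accounting-Request against what the setup above depends on, namely the shared secret (the RFC 2866 request authenticator) and the User-Name, Framed-IP-Address and Class attributes. The secret, user name, address and Class value are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

# Attribute type numbers from RFC 2865 / RFC 2866
USER_NAME, FRAMED_IP, CLASS, ACCT_STATUS_TYPE = 1, 8, 25, 40
ACCOUNTING_REQUEST = 4

def acct_authenticator(packet: bytes, secret: bytes) -> bytes:
    # RFC 2866: MD5(code + id + length + 16 zero octets + attributes + secret)
    return hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()

def build_acct_request(secret: bytes, ident: int, attrs) -> bytes:
    """Build a constructed Accounting-Request; attrs is a list of (type, value bytes)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    return header + acct_authenticator(header + bytes(16) + body, secret) + body

def check_acct_request(packet: bytes, secret: bytes, expected_class: bytes) -> list:
    """Return the reasons an RSSO-style accounting listener could not use this packet."""
    if len(packet) < 20:
        return ["shorter than the 20-byte RADIUS header"]
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return ["not a well-formed Accounting-Request"]
    packet, problems, attrs, pos = packet[:length], [], {}, 20
    if not hmac.compare_digest(acct_authenticator(packet, secret), packet[4:20]):
        problems.append("authenticator mismatch: shared secret differs")
    while pos + 2 <= length:  # walk the type-length-value attributes
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return problems + ["malformed attribute"]
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])
        pos += a_len
    if USER_NAME not in attrs:
        problems.append("User-Name missing")
    if len(attrs.get(FRAMED_IP, b"")) != 4:
        problems.append("Framed-IP-Address missing or not IPv4")
    if attrs.get(CLASS) != expected_class:
        problems.append("Class does not match the expected group value")
    if ACCT_STATUS_TYPE not in attrs:
        problems.append("Acct-Status-Type missing")
    return problems

# Constructed sample values, not taken from the post (Acct-Status-Type 1 = Start)
SAMPLE_ATTRS = [(ACCT_STATUS_TYPE, struct.pack("!I", 1)), (USER_NAME, b"alice"),
                (FRAMED_IP, socket.inet_aton("192.0.2.25")), (CLASS, b"rsso-wifi")]
SAMPLE = build_acct_request(b"constructed-secret", 7, SAMPLE_ATTRS)
```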

 

 

 

 
