To keep the administrative accounts isolated from user accounts, we are using an additional/2nd FAC in the DMZ. We are looking forward to using an internal FAC to authenticate administrative user logons in the DMZ FAC, but the typical Super-User value in the Fortinet-FPC-User-Role/Fortinet-Access-Profile RADIUS VSA isn't working (the user logs in as a regular/non-administrative one).
Does anyone know what is necessary to get this working?
Regards,
Felicio Santos.
Felicio Santos, CAPM HP MASE FlexNetwork v1, MCITP 2008 SRV, ENT, ENT Messaging FTNT FCNSA v5 / MCSE NT,2000,2003 MCSA 2000,2003,2008+SEC,Office365 / Network+
AFAIK there are no remote admin account types on FAC (as we know them for example from FortiGate remote/wildcard admins).
FAC has local admins defined in Local Users (User Management) with Role=Administrator.
By default those admins do not even have the ability to be used and authenticate via RADIUS from outside, so they are completely local to FAC itself.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
This should be possible if the user is not set to be a FAC Admin as above. Take a look at this integration guide I wrote a while back.
If you follow this process and it still doesn't work, check the RADIUS attributes are being sent by sniffing the RADIUS (you will need to decrypt the RADIUS packets in Wireshark).
Dr. Carl Windsor Field Chief Technology Officer Fortinet
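One way to carry out the attribute check suggested above is to take the raw bytes of the Access-Accept from a capture and list the Fortinet VSAs it contains. This is an added example, not code from the thread or from Fortinet; the function names, the sample packet and the group name `admins` are constructed, and the attribute-name map is deliberately partial.

```python
import struct

FORTINET_VENDOR_ID = 12356  # Fortinet's IANA enterprise number
# Partial map of Fortinet vendor types (assumption: only these two are named here)
VSA_NAMES = {1: "Fortinet-Group-Name", 6: "Fortinet-Access-Profile"}

def parse_vsas(packet: bytes):
    """Return (code, [(vendor_id, vendor_type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match captured bytes")
    vsas, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute overruns packet")
        value = packet[pos + 2:pos + a_len]
        if a_type == 26 and len(value) >= 4:  # 26 = Vendor-Specific
            vendor = struct.unpack("!I", value[:4])[0]
            sub = value[4:]
            while len(sub) >= 2:  # a VSA may carry several sub-attributes
                v_type, v_len = sub[0], sub[1]
                if v_len < 2 or v_len > len(sub):
                    raise ValueError("malformed vendor sub-attribute")
                vsas.append((vendor, v_type, sub[2:v_len]))
                sub = sub[v_len:]
        pos += a_len
    return code, vsas

def fortinet_attrs(packet: bytes) -> dict:
    """Name -> text value for every Fortinet VSA in the packet."""
    _code, vsas = parse_vsas(packet)
    return {VSA_NAMES.get(t, f"Fortinet-VSA-{t}"): v.decode("utf-8", "replace")
            for vendor, t, v in vsas if vendor == FORTINET_VENDOR_ID}

def _vsa(vendor: int, v_type: int, text: str) -> bytes:
    """Build one Vendor-Specific attribute (used only for the constructed sample)."""
    sub = bytes([v_type, len(text) + 2]) + text.encode()
    return bytes([26, len(sub) + 6]) + struct.pack("!I", vendor) + sub

# Constructed Access-Accept (code 2) with a zeroed authenticator, for offline testing
_attrs = _vsa(FORTINET_VENDOR_ID, 6, "Super-User") + _vsa(FORTINET_VENDOR_ID, 1, "admins")
SAMPLE_ACCEPT = struct.pack("!BBH", 2, 1, 20 + len(_attrs)) + bytes(16) + _attrs

if __name__ == "__main__":
    print(fortinet_attrs(SAMPLE_ACCEPT))
```

If the profile attribute is missing from the output for a real Access-Accept, the internal FAC is not sending it, which separates a server-side configuration issue from the DMZ FAC ignoring the value.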
Hi,
Thanks for the reply!
It only worked if I created a "remote user" with admin privileges in advance. I was looking to have in the FAC a functionality like a wildcard admin on FGT. Even TAC didn't find out how to make it work, so I will go with the remote user manual creation and look forward to seeing if this pops up in a future FAC release.
Regards,
Felicio Santos.