- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- RSSO - Single Username assigned to all Devices/IPs
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RSSO - Single Username assigned to all Devices/IPs
Hi All
Abit of Weirdness with RSSO in one of my VDOM's. I have a Fortigate 200D where we configured RSSO to recieve Accounting messages from our NPS server (users authenticate to radius through Wireless Controller).
From Config it all appears correct -- compared the config of this VDOM to another I have where I have RSSO working correctly and it looks the same with the exception of the Radius Server Used.
Looking at "User & Device > Monitor > Firewall" I can see the different user entries with Method RSSO, however when i look at the Fortiview Sources all the entries have the same username (which I know is incorrect). refreshing the view the username will change to a different one, but it then applies to all entries again.
Any Suggestions on where to check for problems in my config would be greatly appreciated.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Noticed now that when I disable "Device Identification" on my Interfaces no Username is displayed - so enabling this then I get a single username assigned to all devices, but having it disabled no Username is displayed/associated at all.
With the "Device Identification" option Disabled I still do get the correct user entry under "User and Device -> Monitor -> Firewall"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Device identification should not interfere AFAIK.
If you are getting multiple IPs authenticated by a single user, then I would suggest to verify rsso enabled radius server and especially mappings like rsso-endpoint-attribute and sso-attribute.
Also compare GUI to 'diag firewall auth list' for those rsso ( | grep rsso), simply to see how firewall see it internally and if it's not an GUI issue (haven't seen it in lab).
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Running "diag firewall auth list" I see the entries as below:
192.168.212.63, network\yca13
type: rsso, id: 0, duration: 145, idled: 7
group_id: 11
group_name: networks_rsso_Group
192.168.212.74, NETWORK\NP811
type: rsso, id: 0, duration: 1572, idled: 1572
group_id: 11
group_name: networks_rsso_Group
192.168.212.75, network\km907
type: rsso, id: 0, duration: 1066, idled: 3
group_id: 11
group_name: networks_rsso_Group
192.168.212.86, network\MM408
type: rsso, id: 0, duration: 1572, idled: 111
group_id: 11
group_name: networks_rsso_Group
----- 32 listed, 0 filtered ------
As I am still quite new to Fortigate, how can I confirm if the reported group_id is correct (will the id be relevant)?
I doubt it could be related to GUI, as I have another VDOM on the same Fortigate 200D also making use of RSSO for a different Domain and it is functioning correctly. I have checked settings between the 2 VDOMS related to RSSO and Radius configs and they do look the same (with exceptions like secrets and Radius Server IP). Also checked the Radius server and did a Wireshark to see the Radius Attributes being sent and that also looks correct -- I could however be mistaken. But as mentioned enabling and disabling "Device Identification" on the interface does influences the results.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I see different users reported fro different source IPs (first line of each firewall auth record).
Group_id is simply ID of the group "networks_rsso_Group" from your 'config user group'.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi xSilver
Had a chance to relook at this issue.
So it is correctly getting usernames and IP and they do appear correct - as you stated (they also display correctly under "User & Device -> Monitor -> Firewall").
I have found now if I go to to the Interface used (same interface as where I am sending accounting information to) and disable "Detect and Identify Devices", the duplicate names under Fortiview go away, however disabling this it shows no User at all, it just displays the IP (and sometimes a Hostname).
If I enable the "Detect and Identify Devices" again on the interface the same behaviour occurs, having the same Username displayed for all the entries even though it is a different IP and so forth.
Any Idea?
Related Posts
- Using FortiSwitch Interfaces in multiple VDOMs 68 Views
- Unable to connect to JPIX's V6... 196 Views
- FG 60F fails to proceed CoA... 450 Views
- Duplicate a working Cisco Router config... 678 Views
- Wifi access with Single Sign-ON 192 Views
Labels
-
FortiGate
6,607 -
FortiClient
1,318 -
5.2
801 -
5.4
639 -
FortiManager
572 -
FortiAnalyzer
417 -
6.0
416 -
5.6
362 -
FortiSwitch
339 -
FortiAP
337 -
FortiClient EMS
269 -
6.2
251 -
FortiMail
248 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
152 -
6.4
128 -
FortiNAC
108 -
FortiGuard
103 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
73 -
FortiToken
72 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
63 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
Firewall policy
26 -
SD-WAN
26 -
FortiConnect
24 -
High Availability
22 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiPortal
18 -
FortiAuthenticator
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
Interface
13 -
FortiDDoS
13 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.