Hello all, I have an issue related to configuring a third-party access point with the RADIUS server MS NPS to authenticate through the FortiGate firewall by RSSO. I've followed all instructions and guides; however, when I try to log in using the NT credentials, the logs show that the traffic is matching the implicit deny policy and didn't match the RSSO user group policy. However, the same name is created on the FortiGate user groups and on the NPS policy.
Does anyone know how to deal with this issue?
Who's the source of the RADIUS accounting packets, and who's the intended recipient?
It seems like it's one and the same FortiGate, which seems superfluous (might as well just deal with authorization via simple RADIUS groups based on group memberships received in Access-Accept).
Apart from the above, check the auth table shortly after the user logs in (diag fire auth list), pay attention to whether the RSSO-type session is there at all, and which group it matched to, if any.
There's also live debug for RSSO, "diag debug app radiusd -1".