Hello Guys,
I am a bit stuck on something I want to achieve, but not sure how to complete the required.
Please see the below low down:-
Successfully created a RADIUS and LDAP server, with a successful query.
I have created two SSL VPN Portals
From each of the portals I want the following to happen:-
- Is it possible, for a RADIUS Auth user, to get the relevant SSL VPN Portal config, based on their LDAP query?
I have achieved the above previously with Juniper/Pulse, but this is my first time trying with the FortiGate. Running latest version 7.0.1 (as 7.0 broke LDAP queries from the GUI and I was getting ldap-3) :)
Any help much appreciated!
Hi
Your RADIUS server checks LDAP for authentication and returns the relevant group information.
Hey Steve,
FortiGate would NOT perform an LDAP query after RADIUS auth.
It would allow getting group information from the RADIUS reply itself and matching local user groups on FortiGate based on the RADIUS attributes. The SSLVPN portal (and split-tunneling) would be selected based on group information in the RADIUS reply.
You might want to check this:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-A-quick-guide-to-FortiGate-SSL-VPN-authent...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Authentication-Remote-server-group-match-o...
essentially:
- ensure your RADIUS server response includes the Fortinet-Group-Name attribute
  - depending on the RADIUS server, you can ensure that it includes the Fortinet-Group-Name based on LDAP group lookup (something roughly like this can be done on FortiAuthenticator, for example)
- match into groups on FortiGate based on this attribute
- match SSLVPN portal based on the group
Fortinet RADIUS dictionary:
https://community.fortinet.com/t5/FortiDDoS/Technical-Tip-Fortinet-RADIUS-attribute/ta-p/194896
I hope that helps :)
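To check the first step in the reply above (that the RADIUS server's Access-Accept really carries Fortinet-Group-Name), the following added example, which is not part of the original thread, decodes a reply and lists the group names it contains. It assumes Fortinet's vendor ID 12356 and vendor attribute type 1 as given in the Fortinet RADIUS dictionary; `fortinet_groups` and `build_sample` are hypothetical helper names and the sample packet is constructed.

```python
import struct

ACCESS_ACCEPT = 2            # RADIUS packet code
VENDOR_SPECIFIC = 26         # RADIUS attribute type for VSAs
FORTINET_VENDOR_ID = 12356   # assumption: Fortinet enterprise number (dictionary)
FORTINET_GROUP_NAME = 1      # assumption: Fortinet-Group-Name vendor type


def fortinet_groups(packet):
    """Return every Fortinet-Group-Name value carried in an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError(f"not an Access-Accept (code {code})")
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    groups, pos = [], 20                      # attributes start after the header
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(value) < 6:
            continue                          # not a usable VSA
        if struct.unpack("!I", value[:4])[0] != FORTINET_VENDOR_ID:
            continue                          # another vendor's VSA
        sub = value[4:]                       # vendor-type, vendor-length, data
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            if sub[0] == FORTINET_GROUP_NAME:
                groups.append(sub[2:sub[1]].decode("utf-8", "replace"))
            sub = sub[sub[1]:]
    return groups


def build_sample(group_names, code=ACCESS_ACCEPT):
    """Constructed reply (zeroed authenticator) with one VSA per group name."""
    attrs = b"\x01\x07steve"                  # User-Name, constructed value
    for name in group_names:
        sub = bytes([FORTINET_GROUP_NAME, 2 + len(name)]) + name.encode()
        attrs += bytes([VENDOR_SPECIFIC, 6 + len(sub)])
        attrs += struct.pack("!I", FORTINET_VENDOR_ID) + sub
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs


if __name__ == "__main__":
    print(fortinet_groups(build_sample(["vpn-staff"])))
```

An empty list for a user who authenticates successfully means the RADIUS server is not adding the attribute, so the FortiGate has no group information to match on.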