Hussain1
New Contributor II

Show username instead of IP in Logs / Firewall User Monitor - Clearpass/WiFi Users

Hello,

I'm running a Juniper Mist solution, and all users are authenticated using Aruba ClearPass RADIUS against Active Directory.

Recently, I implemented a FortiGate F1801 and wanted to see the authenticated user accounts/names instead of the IP address.

Is there any guide for doing this config? I have followed multiple KB articles, but I am still not able to get the users authenticated in ClearPass to appear in FortiGate.

Any help on this, please?

Regards,

 


srajeswaran
Staff

Are you trying to get the user name in traffic logs or under the monitor tab for firewall users? Can you share a screenshot?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Hussain1

Hi Sraj,

Yes, I'm trying to display the username in traffic logs instead of the IP. Even in FAZ, all I'm getting is the IP only. And since we have a huge DHCP pool, it would be very difficult to trace.

Thanks,

srajeswaran

Is the firewall policy configured with user auth? Or is ClearPass integrated with FortiGate? I am trying to understand whether the firewall is aware of the user ID check or whether it processes the traffic based on L3/L4 information.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Hussain1

Hi Sraj,

Yes, I have configured the RADIUS server, and in ClearPass I configured a Target Proxy and defined the IP address of the firewall. In each ClearPass service, I made sure the ProxyTarget is checked in each policy and FortiNet is selected as the Target Proxy, as defined earlier,

but I'm not getting any traffic passing from ClearPass to FortiNet.

Any help would be appreciated.

Thanks,

 

Hussain1
New Contributor II

Hi All,

The issue was resolved.

  1. You will need to create a Target Proxy in Aruba ClearPass.
  2. Configure the Secret and the Authentication and Accounting ports (default 1812, 1813).
  3. Configure the ClearPass 802.1X services with Accounting, and select the Target Proxy created in step #1.
  4. Make sure the Accounting Proxy has the RADIUS attributes:
    1. Radius:IETF
    2. Filter-Id
  5. In the FortiGate firewall, you will need to configure an External RSSO Agent and use the secret used in step #2.
  6. Job done.

All your user accounts authenticated in ClearPass will be able to appear in the FortiGate firewall.

Thanks,
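
A way to check what ClearPass actually proxies to the accounting port in the steps above, as an added example that is not part of the original post: this Python parses a RADIUS Accounting-Request (RFC 2866), verifies its authenticator against the shared secret from step 2, and pulls out the user name, client IP and Filter-Id. The secret, user, address and Filter-Id value are constructed, and that the packet carries Framed-IP-Address is an assumption.

```python
import hashlib
import hmac
import ipaddress
import struct

ACCT_REQUEST = 4  # RADIUS code for Accounting-Request (RFC 2866)
# IETF attribute numbers this check cares about (RFC 2865 / RFC 2866).
ATTRS = {1: "User-Name", 8: "Framed-IP-Address", 11: "Filter-Id", 40: "Acct-Status-Type"}

def build_acct_request(secret, ident, attrs):
    # Used here only to produce a constructed sample packet.
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(body))
    # Request Authenticator = MD5(code + id + length + 16 zero octets + attrs + secret)
    return header + hashlib.md5(header + bytes(16) + body + secret).digest() + body

def parse_acct_request(packet, secret):
    """Verify the authenticator with the shared secret, then return known attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    packet = packet[:length]  # ignore any padding after the stated length
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("authenticator mismatch: shared secrets differ")
    found, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        kind, size = packet[pos], packet[pos + 1]
        value, name = packet[pos + 2:pos + size], ATTRS.get(kind)
        if name == "Framed-IP-Address":
            found[name] = str(ipaddress.IPv4Address(value))
        elif name == "Acct-Status-Type":
            found[name] = int.from_bytes(value, "big")
        elif name:
            found[name] = value.decode("utf-8", "replace")
        pos += size
    return found

# Constructed sample: secret, user, address and Filter-Id value are made up.
SECRET = b"constructed-secret"
SAMPLE = build_acct_request(SECRET, 7, [
    (40, struct.pack("!I", 1)),  # Acct-Status-Type = Start
    (1, b"alice"),
    (8, ipaddress.IPv4Address("10.20.30.40").packed),
    (11, b"Staff"),
])
```

An authenticator mismatch on a captured packet means the secret on the ClearPass proxy target and the one on the FortiGate RSSO agent differ; a missing attribute means the accounting proxy is not forwarding it.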

 

nb_
New Contributor

Hi,


Not working for me.

May I see your configuration?

Thanks

CyberFortiConquer

Many thanks for sharing this.

Could you please share config details?

I have integrated ClearPass with FortiManager, but get role info, not actual user info.

I am going to follow this:

https://docs.fortinet.com/document/fortigate/7.0.10/administration-guide/85730

Would I be able to get user info?
