Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Hussain1
New Contributor II

Created on ‎03-26-2023 03:40 AM

Show username instead of IP in Logs / Firewall User Monitor - Clearpass/WiFi Users

Hello, 

 

I'm running Juniper MiST solution and all users are authenticated using Aruba ClearPass Radius against Active Directory. 

 

Recently, I implemented FortiGate F1801 and wanted to see the authenticated user accounts/names instead of the IP Address. 

 

Any guide in doing this config? I have followed multiple KB articles, but still not able to see the Authenticated Users in Clearpass to appear in FortiGate. 

 

Any help on this please?

 

Regards, 

 

Labels:
315
0 Kudos
1 Solution
Hussain1
New Contributor II

Created on ‎03-27-2023 03:49 AM

Hi All, 

The issue was resolved. 

  1. You will need to create Target Proxy in the Aurba ClearPass
  2. Configure Secret and Authentication and Accounting Ports, default 1812, 1813. 
  3. Configure the clearpass 802.1x services with Accounting, and Select Target Proxy created in step#1. 
  4. Make sure the Accounting Proxy has the Radius Attributes; 
    1. Radius:IETF
    2. Filter-Id
  5. In FortiGate Firewall, you will need to configure External RSSO Agent and use the secret used in step#2
  6. Job Done. 

All your user accounts authenticated in Clearpass will be able to appear in FortiGate Firewall. 

 

Thanks, 

 

View solution in original post

254
0 Kudos
5 REPLIES 5
srajeswaran
Staff
Staff

Created on ‎03-26-2023 03:47 AM

Are you trying to get the user name in traffic logs or under the monitor tab for firewall users? Can you share a screenshot?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
311
0 Kudos
Hussain1
New Contributor II
In response to srajeswaran

Created on ‎03-26-2023 03:53 AM

Hi Sraj, 

 

Yes, I'm trying to display the username in traffic logs instead of the IP. Even in FAZ also, all what i'm getting is IP only. And since we have a huge DHCP pool, it would be very difficult to trace. FortiNet Logs.JPG

Thanks, 

307
0 Kudos
srajeswaran
Staff
Staff
In response to Hussain1

Created on ‎03-26-2023 10:45 PM

Is the firewall policy configured with user auth? Or the clear-pass is integrated with Fortigate? I am trying to understand if the firewall is aware about the user id check or it process the traffic based on L3/L4 information

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
276
0 Kudos
Hussain1
New Contributor II
In response to srajeswaran

Created on ‎03-26-2023 10:49 PM

Hi Sraj, 

Yes, I have configured the RADIUS Server and, in Clearpass I configured a Target Proxy, defined the IP address of the Firewall, and in each service of Clearpass, I made sure the ProxyTarget is checked in each policy and FortiNet selected as a Target Proxy as defined earlier, 

 

but I'm not getting any traffic pass from Clearpass to FortiNet. 

 

Any help, would be appreciated. 

 

Thanks, 

 

271
0 Kudos
Hussain1
New Contributor II

Created on ‎03-27-2023 03:49 AM

Hi All, 

The issue was resolved. 

  1. You will need to create Target Proxy in the Aurba ClearPass
  2. Configure Secret and Authentication and Accounting Ports, default 1812, 1813. 
  3. Configure the clearpass 802.1x services with Accounting, and Select Target Proxy created in step#1. 
  4. Make sure the Accounting Proxy has the Radius Attributes; 
    1. Radius:IETF
    2. Filter-Id
  5. In FortiGate Firewall, you will need to configure External RSSO Agent and use the secret used in step#2
  6. Job Done. 

All your user accounts authenticated in Clearpass will be able to appear in FortiGate Firewall. 

 

Thanks, 

 

255
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.