Hi everyone,
At the moment I'm trying to get RSSO working, we have MS NPS so no passing groups to the firewall :\ but based on running auth list the fortinet does "know" who the user is connected to an IP address.
firewall-01 # diagnose firewall auth list
x.x.x.x, user@domain.com type: rsso, id: 0, duration: 801, idled: 801 flag(10): radius server: root packets: in 0 out 0, bytes: in 0 out 0
My problem is translating this into something I can use in policies, I tried creating RADIUS users and adding them to policies however this does not work, I tried using an LDAP group containing the same usernames that the fortinet "sees" through RSSO but this also did not work every time I try to generate traffic that would trigger this policy I end up on a fortinet captive portal page where I need to login again.
What am I missing?
Thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Technical detail I left out:
- We're trying this with FortiOS 7 (it's a new location so while the place is in "beta" we can also try stuff)
Created on 05-11-2021 09:44 AM
Bump? No-one here uses RSSO?
Created on 05-11-2021 10:15 AM
Based on the updated docs for 7.0.0 it seems to me that RSSO only allows the creation of "groups" based on the presence of an attribute in the RADIUS accounting package which can then be used in policies while it is not actually possible to directly do anything with the usernames learnt through RSSO.
Given that not all radius servers seem to allow adding properties like group membership to the accounting packages being forwarded this would seem to be a missing feature.
Created on 07-26-2021 02:23 PM
Just a minor update - based on our contact with Fortinet support it seems that indeed it is not possible to use the username that was learned through RSSO at this time.
I hope that maybe they'll add this feature at some point in the future.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1640 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.