I'm trying to enable policy rules for VPN connections based on remote radius groups. I have defined a few different groups mapping to groups returned by the radius server.
I've debugged with 'diagnose test authserver radius' that my user belongs to several groups, and we also use on for the groups for a Remote+Wildcard administrator.
However, it doesn't seem to work when I add the same group to policy rules. Checking the "Firewall User Monitor" only lists the user as "ssl_vpn_group", which is a remote group defined as "Any".
The more specific groups are not defined under Authentication/Portal Mapping, only the "Any" group. Might that be the case?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.