Dear All,
I would like to have some help regarding my scenario, The following below will be use;
1) Fortinet Firewall
2) Third party Wireless Controller and access point
3) FortiAuthenticator
All my wireless client will connect using the third party access point. The wireless authentication will be use EAP TLS as all the users will need to use a certificate to connect to the wireless.
Anyone can help me how to proceed with the setup and how to configured it. if am not wrong the setup should be follow like that wireless client---->Wireless controller----->Authenticator------>Fortinet Firewall
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I assume you are looking to so user identification and Identity Based Policy. How you integrate depends on which vendor. We can integrate with Aruba to detect logins using our API. Other vendors we can use either their RADIUS Accounting to FSSO (preferred) or Syslog to FSSO.
Carl
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Hello Carls,
Thank you for your reply. I will use Ruckus wireless controller for this setup. Can you advise me how to configure it step by step. Which devices and authentication come first and follow;
Thanks
I have never worked with a Ruckus Wireless Controller however, a quick Google shows that they have the ability to send a RADIUS Accounting packet to a third party device:
Send these to the FortiAuthenticator and use the FSSO RADIUS Accounting feature to translate them into FSSO User entries. This should just be a case of translating the RADIUS Attribute values correctly e.g.
Username attribute: User-Name Client IP attribute: Calling-Station-Id User group attribute: Group
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Dear Carls,
If i would like to do the same setup using certificate for each client to connect to the wireless instead of using username and password from windows AD.
Can you advise me how to do it
I would like all my devices like windows machines, IPAD,Mobile phone connect to the wireless network and using only a certificate and if their is no certificate on the device, it should not be able to connect to my network. For the mobile device can you tell me also how they will get the certificate install on the device. I would like also on my Fortiauthenticator act as my root ca and device certificate for my devices.
Thanks
Hi,
Any help plz
To perform client certificate based authentication you would need to configure your auth client and wireless device to use EAP/TLS.
PM me and I will send you a link to the draft EAP/TLS Guide for you to take a look at.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Hi Carl,
Thank you for your reply. Please do not forget to share me the link.
For each users i need to create a certificate or how its work. i would like to link to LDAP user and at the same time using a certificate or if their is no need to link with LDAP i will only use certificate for wireless authentication.
Awaiting your plz
Thanks
Hi,
Any update plz
Looking to do something similar with Ruckus. This post uses NPS and user domain logins to register users with FSSO. Might have some content that is relevant to your solution:
http://travelingpacket.com/2015/07/23/fortigate-radius-sso-with-ruckus-802-1x-logins-using-nps/
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1631 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.