Just had an interesting experience when updating an HA a-p setup. The
failover unit was re-installed earlier this year due to another issue. When
updating firmware, it turns out the passive unit had an older version of
the Internet Service Database Defi...

Hi, I inherited an active-passive setup of two 60E units. As I
understand, each unit connects to a separate Cisco switch for
redundancy. This has been running great for a few years, but after the
service provider conducted maintenance on their switc...

I'm working on RADIUS authentication together with MS NPS and Azure
MFA. So far, it works great when using "app notification". As in, a
simple confirmation button in the app. What I'm trying to achieve right
now is to use the verification code from th...

All guides I've seen for integrating Fortigate with a MS NPS Radius
server are based on a static single group definition for the
Fortinet-Group-Name attribute. Are there any known extensions or
implementations that allow for a dynamic set of groups to...

Do I need to add two groups in the firewall to be able to use the same LDAP
group for both FSSO type of rules, and SSL-VPN rules? Or did I miss
something obvious?

Hi, The error came from an internal NPS extension. I didn't experience
any problems using only the bundled extensions, so can't really say what
the issue is. The NPS server should give some hints via the Event log
though.

Yes, the configuration was in sync before the upgrade. The
config-error-log shows no errors. I still have a second upgrade to do,
so will check versions between the two different units. If I understand
correctly, the normal procedure would be that th...

Never mind this. This was our internal NPS extension behaving
differently when the authorization request came from a challenge request
instead of the regular accept request.

To answer my own question, I ended up writing a small NPS module, using
the OpenCymd framework. Not in production yet, but seems to work alright
in testing.