I want to create Fortigate policies that apply different web filtering
to members of AD security groups, based on student grade levels. I have
followed the Technical Tip: Configuring Radius Single Sign-On using NPS
2019. The students are able to conn...
I'm a new employee to a company with FortiNAC 8.5 and trying to learn
it. My user is a member of FortiNAC's System Administrator profile. When
I'm in the Network Devices / Topology menu and right click Customer or a
container, I do not see the Contro...
In the installation instructions for creating Layer 3 route scope
interface eth1, it says to "Use a different IP for each route scope type
you configure". Does that mean Isolation, Registration, Remediation
interface addresses should have different I...
Hi,It is working now and the Fortigate parses multiple class attributes
and matches the one I need. The settings on the Fortigate were correct
all along. However, the Fortigate wasn't getting the Framed-IP-Address
attribute from the accounting start ...
My co-workers started a ticket with Fortinet. Support is saying the two
classes are concatenated. I'll ask them to verify that the Fortigate can
handle the two class attributes and match against one of them.
Found that the Class attribute data includes the radius ip,
Service-Reboot-Time, and vendor code, serial number, 311 is probably
Microsoft. I still don't know what triggers NPS to send this class and
maybe NPS sends it by default. If so, how does For...
Here is a redacted entry from the radius server logs showing the
concatenated class attribute (in red). I have no idea where the text
before the pipe is coming from or what it is.
"RADIUSSERVER","IAS",02/13/2023,16:35:39,1,"test06","COMPANY\test06","...
I used Wireshark on the NPS and saw the accounting-start messages sent
to the Fortigate. I see two AVPs for Class. One is the expected TestRSSO
and the other is unexpected. I'm guessing the second Class is coming
from our Wifi solution.
