Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass with Fortinet Integration - Thoughts

This thread has been viewed 43 times

  • 1.  Clearpass with Fortinet Integration - Thoughts

    Posted Mar 16, 2017 10:10 AM

    Hi All,

     

    We are currently thinking about moving to a full Aruba solution when it comes to our wireless infrastructure.  We currently use Fortinet as our Firewall.

     

    Was just wondering if the community had any information or advice from people who currently have the same setup (ClearPass with Fortinet Firewall integration).  How does it work? Pros vs Cons?  What could be improved?  Overall are you satisfied with the amount of control you have?

     

    We are all ears at this point so feel free to mention anything that could be helpful going forward.

     

    Thanks!



  • 2.  RE: Clearpass with Fortinet Integration - Thoughts

    Posted Mar 18, 2017 08:38 PM

    Tanner,

     

    Today there is an existing TechNote I authored a couple of years back you can read on the support site. I'm currently working directly with Fortinet to bring a new API based integration out but I'm a few week out yet before this will likely be available.

     

    Can you tell me what use-cases you have in mind for the CPPM/Forti-OS integration?



  • 3.  RE: Clearpass with Fortinet Integration - Thoughts

    Posted Dec 21, 2017 09:45 AM

    Hi Danny, I'm working on doing this same CCPM - Fortiauthenticator integration.  Were you able to come up with updated technote for this proceedure?  



  • 4.  RE: Clearpass with Fortinet Integration - Thoughts

    Posted Dec 22, 2017 07:38 PM

    Alas, the API's I've had so far fall short of providing the functionality we need. I'm currently waiting for FortiOS 6.0 beta, hoping this will provide what we need. :-)



  • 5.  RE: Clearpass with Fortinet Integration - Thoughts

    Posted Feb 21, 2018 04:13 AM

    Hi Danny,
    could you provide some details re. the functionality you need ?
    We're currently looking at purchasing new firewall and have to decide between two brands one of which is Fortinet. We'd like a good integration between FW and CPPM.



  • 6.  RE: Clearpass with Fortinet Integration - Thoughts

    Posted Apr 17, 2018 12:49 PM

    I'm curious of the status of this post as FortiOS 6.0 is officially released. Also I'm Wondering has authored a Vendor VSA update for Fortinet devices since I'd like to send all admin login RADIUS requests directly to CPPM instead of FortiAuthenticator. FortigateOS doesn't have a place to set an RFC-3576 server setting for RADIUS Accounting so I can see why you do Some accouting via the FortiAuthenticator for logins, but I'd like to not have to go to FortiAuth and skip directly to CPPM. I'm hoping someone's done all the XML-Fu to create an update to the Fortigate VSA's....please?

     

    Thank you



  • 7.  RE: Clearpass with Fortinet Integration - Thoughts

    Posted Jun 07, 2018 10:55 AM

    Hi Danny, have you guys had a chance to look into this since the relase of 6.0 (now 6.0.1)?  I'd love to get some integration working if possible, primarily we just need to pass the users login info and device address onto the firewall if possible.

     

    Thanks for your time!



  • 8.  RE: Clearpass with Fortinet Integration - Thoughts

    Posted Oct 25, 2018 09:00 AM

    You can add the Fortigate as an Accounting Proxy target, to the service.

    Under Fortigate you set up "Radius SSO".

    Works fine with my Fortigates.

     

    What is not working for you?



  • 9.  RE: Clearpass with Fortinet Integration - Thoughts

    Posted Jun 06, 2019 12:35 PM

    Hi, I have some troubles with ClearPass and Fortigate integration. Probably you can recomend me something, what to troubleshoot, where to find a problem. I will describe my situation, probably you can say something.

     

    Pair of Fortigate in Active-Passive

    CPPM

    Two different buildings with Wi-Fi. Virtual VLC at each.

    Using SSID with Radius in first building - I have right access, mean that Fortigate receive correct info about my groups and bypass me through correct policy.

    The same SSID in Second building, I dont receive auth information, so Fortigate bypass me through "guest" policy, mean I dont receive assignement to the group.

     

    When I check Access Tracker in CPPM, in both building they are equal. Absolutely the same info (Request, Response, etc).

     

    Weird situation.

    Thanks for any help or minds.

     

    Igor



  • 10.  RE: Clearpass with Fortinet Integration - Thoughts

    Posted Oct 25, 2018 08:53 AM
    Any news from Aruba about this topic? Thx


  • 11.  RE: Clearpass with Fortinet Integration - Thoughts

    Posted Dec 20, 2022 04:51 PM
    Old string... Any update Aruba?
    Original Message


  • 12.  RE: Clearpass with Fortinet Integration - Thoughts

    EMPLOYEE
    Posted Dec 21, 2022 04:00 AM
    There are multiple integrations with Fortinet, so not sure what you are looking for.

    Two parts of documentation are available from the ClearPass Tech Notes. If you search or ask for some specific integration people may be able to help you.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message