Security

Reply
Occasional Contributor II
Posts: 39
Registered: ‎06-27-2016

How to terminate session for fortinet wireless user to complete health check

Hi

 

I have a fortinet wireless controller  and want to grant users access per to thier authentication and posture (healthy) check.

So I created the required services but I stuck in terminate-session action which required in the WEBAUTH (Agent healthcheck) service, as there is no terminate-session action available for fortinet.

 

So how to force the wireless users to terminate their sessions after the healthy-check 

(I dont want to use bounce-agent action beacuse it causes the user to connect to other wireless network after the agent bounces).

 

Mahmoud

Guru Elite
Posts: 7,863
Registered: ‎09-08-2010

Re: How to terminate session for fortinet wireless user to complete health check

Does your Fortinet controller support RFC 3576?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 39
Registered: ‎06-27-2016

Re: How to terminate session for fortinet wireless user to complete health check

Hi

I am not sure. Will check for this.
But what is the procedure in both cases?

Mahmoud


Sent from Samsung Mobile
Guru Elite
Posts: 7,863
Registered: ‎09-08-2010

Re: How to terminate session for fortinet wireless user to complete health check

If it does, you'll need to find out whether it's a standard DM/CoA format.

If it doesn't, you'll need to use the agent bounce.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 39
Registered: ‎06-27-2016

Re: How to terminate session for fortinet wireless user to complete health check

Hi

So if it supports CoA, then can I use the RADIUS:IETF attributes to terminate the session?
As I didnt find such terminate attribute.

Mahmoud


Sent from Samsung Mobile
Guru Elite
Posts: 7,863
Registered: ‎09-08-2010

Re: How to terminate session for fortinet wireless user to complete health check

You can try using the generic IETF one, however they may require additional
attributes.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: