Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Windows Radius auth, but fortigate not seeing usernames

  • 1.  Windows Radius auth, but fortigate not seeing usernames

    Posted Apr 23, 2015 10:34 PM

    Using 6.3.1.15

     

    We have set up a basic wifi network which auths against a windows radius server.

     

    All is working fine in that the user auths and the controller and airwave see all the users' login details.

     

    The problem we are having is that the fortigate firewall is not seeing the usernames and therefore not pulling them into the correct rule set.

     

    Can anyone give any suggestions or help in trying to solve this one?



  • 2.  RE: Windows Radius auth, but fortigate not seeing usernames

    EMPLOYEE
    Posted Apr 23, 2015 10:37 PM
    Does your Fortigate firewall support RADIUS accounting? If so, you’ll have to set it up as a RADIUS accounting server in your AAA profile.


  • 3.  RE: Windows Radius auth, but fortigate not seeing usernames

    Posted Apr 23, 2015 10:49 PM

    Yes the fortigate does.

     

    So at the moment the windows radius server auths all users and they are all accessing the network fine.  The problem is that the fortigate is not seeing the auth username so is not putting them into any rules when they go external.

     

    So you are saying that the fortigate details should be in the AAA profile on the aruba controller?

     



  • 4.  RE: Windows Radius auth, but fortigate not seeing usernames
    Best Answer

    EMPLOYEE
    Posted Apr 23, 2015 11:22 PM
    You should define the fortigate as a radius server and then add it as an accounting server in the AAA profile. You'll also likely need to check the multiple accounting server check box.

    Thanks,
    Tim


  • 5.  RE: Windows Radius auth, but fortigate not seeing usernames

    Posted May 26, 2015 09:49 PM

    Finally got back to re-visiting this.

     

    Current state

     

    User auths against a windows radius server and that is passed to the outside via a fortigate firewall.  Problem is that the fortigate is not seeing any of the usernames so is just placing it into the guest role.

     

    The fortigate is setup in the AAA profile and I believe all is fine on the windows and firewall side, but obviously something is missing.

     

    Anyone set this up before and got any ideas on areas to check?



  • 6.  RE: Windows Radius auth, but fortigate not seeing usernames

    Posted May 26, 2015 10:43 PM

    In my TechNote that covers CPPM and Fortinet integration, I cover the setup of CPPM and Fortinet with radius-accounting. 

     

    There is a good level of detail of how to set up the radius-accounting Fortigate/FortiAuthenticator products... hopefully you'll find enough info to assist with your accounting setup.

     

    CPPM TechNote - 3rd Party Enforcement Points (Fortinet) V1.1
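
One area to check when the firewall is already listed as an accounting server but still shows no usernames is whether the Accounting-Request packets the controller sends actually carry the user and the client IP. The following is an added example, not code from any poster in this thread: it decodes a captured Accounting-Request per RFC 2865/2866 and reports what is missing. It assumes the firewall needs Acct-Status-Type, User-Name and Framed-IP-Address to map a user to an address; the sample packets, username and addresses are constructed.

```python
import socket
import struct

# RADIUS attribute types and packet code (RFC 2865 / RFC 2866)
USER_NAME, FRAMED_IP, CALLING_STATION, ACCT_STATUS = 1, 8, 31, 40
ACCOUNTING_REQUEST = 4
STATUS_NAMES = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def parse_accounting(packet: bytes) -> dict:
    """Decode an Accounting-Request and return the identity fields it carries."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError(f"code {code} is not Accounting-Request (4)")
    if not 20 <= length <= len(packet):
        raise ValueError("length field disagrees with captured bytes")
    found, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        if atype == USER_NAME:
            found["user"] = value.decode("utf-8", "replace")
        elif atype == FRAMED_IP and len(value) == 4:
            found["ip"] = socket.inet_ntoa(value)
        elif atype == CALLING_STATION:
            found["mac"] = value.decode("ascii", "replace")
        elif atype == ACCT_STATUS and len(value) == 4:
            found["status"] = STATUS_NAMES.get(struct.unpack("!I", value)[0], "other")
        pos += alen
    return found

def missing_for_user_mapping(fields: dict) -> list:
    """Assumption: the firewall maps user to IP from these three attributes."""
    return [k for k in ("status", "user", "ip") if k not in fields]

def build_sample(attrs) -> bytes:
    """Constructed test packet; the authenticator is zeroed, not a real MD5."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCOUNTING_REQUEST, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: a complete Start record, and one sent before the client has an IP
GOOD = build_sample([(ACCT_STATUS, struct.pack("!I", 1)), (USER_NAME, b"jsmith"),
                     (FRAMED_IP, socket.inet_aton("10.1.20.57")),
                     (CALLING_STATION, b"AA-BB-CC-DD-EE-FF")])
NO_IP = build_sample([(ACCT_STATUS, struct.pack("!I", 1)), (USER_NAME, b"jsmith")])
```

Feed `parse_accounting` the UDP payload of a packet captured on the accounting port between the controller and the firewall; a non-empty result from `missing_for_user_mapping` points at the controller side rather than the firewall policy.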