L36
Occasional Contributor II
Posts: 19
Registered: ‎04-08-2015

Windows Radius auth, but fortigate not seeing usernames

Using 6.3.1.15

We have set up a basic wifi network which auths against a windows radius server.

All is working fine in that the user auths and the controller and airwave see all the users' login details.

The problem we are having is that the fortigate firewall is not seeing the usernames and therefore not pulling them into the correct rule set.

Can anyone give any suggestions or help in trying to solve this one?

Guru Elite
Posts: 8,048
Registered: ‎09-08-2010

Re: Windows Radius auth, but fortigate not seeing usernames

Does your Fortigate firewall support RADIUS accounting? If so, you’ll have to set it up as a RADIUS accounting server in your AAA profile.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
L36
Occasional Contributor II
Posts: 19
Registered: ‎04-08-2015

Re: Windows Radius auth, but fortigate not seeing usernames

Yes, the fortigate does.

So at the moment the windows radius server auths all users and they all access the network fine. The problem is that the fortigate is not seeing the auth username, so it is not putting them into any rules when they go external.

So you are saying that the fortigate details should be in the AAA profile on the aruba controller?


Guru Elite
Posts: 8,048
Registered: ‎09-08-2010

Re: Windows Radius auth, but fortigate not seeing usernames

You should define the fortigate as a radius server and then add it as an accounting server in the AAA profile. You'll also likely need to check the multiple accounting server check box.

Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
L36
Occasional Contributor II
Posts: 19
Registered: ‎04-08-2015

Re: Windows Radius auth, but fortigate not seeing usernames

Finally got back to re-visiting this.

Current state

User auths against a windows radius server and that is passed to the outside via a fortigate firewall. Problem is that the fortigate is not seeing any of the usernames so is just placing it into the guest role.

The fortigate is set up in the AAA profile and I believe all is fine on the windows and firewall side, but obviously something is missing.

Has anyone set this up before and got any ideas on areas to check?

Moderator
Posts: 470
Registered: ‎11-09-2012

Re: Windows Radius auth, but fortigate not seeing usernames

In my TechNote that covers CPPM and Fortinet integration, I cover the setup of CPPM and Fortinet with radius-accounting.

There is a good level of detail on how to set up radius-accounting on the Fortigate/FortiAuthenticator products... hopefully you'll find enough info to assist with your accounting setup...

 

CPPM TechNote - 3rd Party Enforcement Points (Fortinet) V1.1


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
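
For the "areas to check" question in this thread, an added example (not from any poster, and not Aruba or Fortinet code): a Python check for a captured RADIUS Accounting-Request from the controller, confirming it verifies against the shared secret configured on the firewall and carries a user name and client IP. It assumes the firewall maps users from the User-Name and Framed-IP-Address attributes; the function names, secret, user and address are constructed for the example.

```python
import hashlib
import hmac
import socket
import struct

# RADIUS codes and attribute types from RFC 2865 / RFC 2866.
ACCOUNTING_REQUEST, USER_NAME, FRAMED_IP, ACCT_STATUS_TYPE = 4, 1, 8, 40
# Assumption: the firewall maps a user to an IP from these two attributes.
REQUIRED = {USER_NAME: "User-Name", FRAMED_IP: "Framed-IP-Address"}


def acct_authenticator(header: bytes, attrs: bytes, secret: bytes) -> bytes:
    # RFC 2866: MD5(code + id + length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_acct_start(secret: bytes, ident: int, user: str, ip: str) -> bytes:
    """Build a constructed Accounting-Request (Start) to exercise the check."""
    fields = [(USER_NAME, user.encode()), (FRAMED_IP, socket.inet_aton(ip)),
              (ACCT_STATUS_TYPE, struct.pack("!I", 1))]  # 1 = Start
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in fields)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + acct_authenticator(header, attrs, secret) + attrs


def check_acct_request(packet: bytes, secret: bytes) -> list:
    """Return the problems that would stop user mapping; empty list if none."""
    if len(packet) < 20:
        return ["shorter than a RADIUS header"]
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return ["not a well-formed Accounting-Request"]
    body, problems, seen, pos = packet[20:length], [], {}, 0
    expected = acct_authenticator(packet[:4], body, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        problems.append("authenticator mismatch (shared secret differs)")
    while pos < len(body):
        alen = body[pos + 1] if pos + 1 < len(body) else 0
        if alen < 2 or pos + alen > len(body):
            problems.append("malformed attribute")
            break
        seen[body[pos]] = body[pos + 2:pos + alen]
        pos += alen
    return problems + [f"missing {n}" for t, n in REQUIRED.items() if not seen.get(t)]


# Constructed sample: secret, user and address are made up for the example.
SAMPLE = build_acct_start(b"example-secret", 7, "alice", "192.0.2.10")
```

An authenticator mismatch is worth ruling out first, because RFC 2866 has the accounting server silently discard such requests, so the sender gets no error back.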