We're using Clearpass v6.7patch5, Aruba Instant v18.104.22.168 and FortiGate v6.0.2.
The issue is with Radius Accounting Proxy. Clearpass stops to send the attribute Filter-ID to FortiGate so the user won't get the correct Usergroup configured on the FortiGate unit.
I've started a packet capture on FortiGate unit and can see the Radius Accounting hitting the interface, but the attribute is missing.
On ClearPass, Live Monitoring > Accounting, I can see the username and after some minutes it's stops. The IAP configured accounting interim update is 2min.
I used the Fortinet TechNote and configured only the Accounting Proxy option.
Any solution to this issue? We are having the same problem! We are running ClearPass 6.8. Packet capture at the fortigate network interface shows that ClearPass stops sending the Filter-Id attribute after a few radius interim updates.
I had a friend that was working with TAC and they suggest the configuration attached.
That works for me.
Thanks for the reply!
I will try this configuration and see if it works for me too. Did you have to restart Policy Server after changing this parameter? Did it work for you right after the change was made?
No restart needed and yes, I could see this working right away.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.