We have installed Fortigate 600C firewall. It needs Radius Start and Stop notifications to allow users to pass-thru who are already authenticated using 802.1x authentication against our NPS server.
I read on a forum on microsoft which says that we have to configure NAS in a way that it generates notifications. In our case our controllers 3400 are NAS.
My question is how we can set controllers to send Start-Accounting and Stop-Accounting notifications to Fortigate firewall having IP address of 192.168.100.254?
Following is the link where I read that NAS needs to be configured to send notifications:
I am running 126.96.36.199. I will update the code version and will give it a go.
Thanks for your help.
One more quick question.
Just for testing I have done what you have suggested. I can see users are establishing on Fortinet firewall. However under username the mac address of the client appears. Is it something we need to change on our NPS or on Aruba controller? If should send the actual usernames of the clients, isn't it?
Any ideas please? I am getting devices mac addresses instead of usernames.
I have solved it. I have changed RSSO attribute to read Usern-Name instead of Calling-Station-Id on our Fortinet 600C firewall.
First I have set accounting server on Aruba controller 3400 under AAA profile.
And this is how I have done on Fortinet:
config user radius
set rsso-endpoint-attribute User-Name
This may help others too.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.