Hi guys,
Sorry, this could probably be off-topic, but could you please explain to me the auth traffic flow between Fortigate - RSSO CPPM - AD?
For some devices in my network, I have some issues with authentication. I will give you two examples:
Two sites, each with a virtual controller and Aruba APs; both controllers have identical config. If I try to authenticate my iPhone on site 1 (the iPhone is not in the domain) with my domain credentials to connect to Wi-Fi 802.1x, everything works fine: Fortigate associates my iPhone to the correct group and traffic bypasses the correct policy. If I try to do the same on site 2, Fortigate sees my login, but does not associate my username to the correct group and traffic bypasses the wrong policy.
What could be the issue? RSSO? Configuration of Enforcement?
Screenshot log.png:
1. First and second line - on site 2
2. Third line - on site 1
Third line - correct policy, first and second - wrong.
The user is authenticated and has an internet connection. The only difference is which policy accesses this traffic on Fortigate. Since I would like to have all traffic authenticated, I cannot use a policy for unauthenticated traffic anymore.
Screenshot fgt.png - Fortigate sees three lines similarly. Probably it can give you some ideas also.
Please give me some ideas. Thanks!