Security

 View Only
  • 1.  Clearpass - Accounting Proxy

    Posted Sep 18, 2018 09:37 AM

    Hi All,

     

    I have a scenario with Clearpass, Wireless Controller and RAPs in bridge mode on branches. On each branch I have a Fortinet firewall that does the web filter inspection.

    We've configured Clearpass to send the Accounting Radius to the Fortinet Firewall successfully. However we are observing an abnormal behavior of Accounting Radius sent and in the  packet capture we have identified that the Clearpass is sending Radius Start and after a few seconds Radius Stop. Making users disconnect from the RSSO rule in Fortinet.

    By the capture analysis the cause of Radius STOP was idle user timeout.

    Radius-Stop.JPG

    In the AAA profile I have not configured the user idle timeout.

    AAA-Profile.JPG

    Has anyone ever been in this situation?

     

    Thanks,

    Ed



  • 2.  RE: Clearpass - Accounting Proxy

    Posted Jan 29, 2019 10:42 PM

    Hi 

     

    Can you share me an attribute which is selected and sent to Fortigate on Accouting proxy page 

     

    Thanks!

     



  • 3.  RE: Clearpass - Accounting Proxy

    Posted Jan 30, 2019 04:51 AM

    Hi

    You must use the 11-Filter-ID attribute in Clearpass.

    By default, Fortigate uses the Class attribute. Then you must change it in the fortigate to accept the 11-Filter-ID attribute.


    This document ca guide you how to perform the configuration.

     

    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=18160

     

    Thanks.



  • 4.  RE: Clearpass - Accounting Proxy

    Posted Jan 30, 2019 11:39 PM

    Thank you for your reply.

    I can't download file from your link 

     

    A critical error has occurred.
    Could not find a part of the path 'G:\SupportSite\S3Directory\d4760e86-ded6-453d-8980-d97f45dd550e\CPPM TechNote - 3rd Party Enforcement Points (Fortinet) V1.1.pdf. 

     

     



  • 5.  RE: Clearpass - Accounting Proxy

    Posted Jan 31, 2019 06:25 AM
      |   view attached

    It looks like there is a problem on the aruba support site.

     

    See if you can download from this post.