Security

 View Only
last person joined: 9 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass Radius Accounting issue

This thread has been viewed 30 times
  • 1.  Clearpass Radius Accounting issue

    Posted Oct 02, 2018 12:01 PM

    hi everyone,

     

    We're using Clearpass v6.7patch5, Aruba Instant v6.5.4.8 and FortiGate v6.0.2.

     

    The issue is with Radius Accounting Proxy. Clearpass stops to send the attribute Filter-ID to FortiGate so the user won't get the correct Usergroup configured on the FortiGate unit.

     

    I've started a packet capture on FortiGate unit and can see the Radius Accounting hitting the interface, but the attribute is missing.

     

    On ClearPass, Live Monitoring > Accounting, I can see the username and after some minutes it's stops. The IAP configured accounting interim update is 2min.

     

    I used the Fortinet TechNote and configured only the Accounting Proxy option.

     

    Any ideia?



  • 2.  RE: Clearpass Radius Accounting issue

    Posted Jun 25, 2019 02:12 PM

    Hi,

    Any solution to this issue? We are having the same problem! We are running ClearPass 6.8. Packet capture at the fortigate network interface shows that ClearPass stops sending the Filter-Id attribute after a few radius interim updates.

     



  • 3.  RE: Clearpass Radius Accounting issue
    Best Answer

    Posted Jun 25, 2019 02:33 PM
      |   view attached

    Hi Heraldo!

     

    I had a friend that was working with TAC and they suggest the configuration attached.

     

    That works for me.



  • 4.  RE: Clearpass Radius Accounting issue

    Posted Jun 25, 2019 03:05 PM

    Hi Andre,

    Thanks for the reply!

    I will try this configuration and see if it works for me too. Did you have to restart Policy Server after changing this parameter? Did it work for you right after the change was made?

    Regards,



  • 5.  RE: Clearpass Radius Accounting issue

    Posted Oct 08, 2019 04:36 PM

    No restart needed and yes, I could see this working right away.



  • 6.  RE: Clearpass Radius Accounting issue

    Posted Aug 29, 2024 10:47 AM

    I  can confirm this still works in 2024. We tried doing the official FortiManager/Clearpass API and it just wouldn't work. Ended up doing RSSO and it worked much better. Hit rate is 99% on matching users. Before this setting, 50% was about as high as we could get.