Occasional Contributor I

Clearpass user isolation by Fortigate virus detection

Hi All,


I've set up a Clearpass server as a radius server and a Fortigate firewall.


Can i connect those two together with syslog or something? So when a user is blocked by fortigate because of virus isues. Clearpass recieves a message and puts the user in a restricted vlan.


When the user is a Smartphone he gets a different threatment than a IPcam. for example. a smartphone get blocked by three violations and an IPcam immediately.


Someone know a solutions?




Guru Elite

Re: Clearpass user isolation by Fortigate virus detection

You (or your ClearPass Partner) would need to build an Ingress Event Engine dictionary for Fortigate. We do not have one available today.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Clearpass user isolation by Fortigate virus detection

Thanks i'll try that.

But what option do i chose for "configuration->Network->event sources"?

only checkpoint, infoblox, palo alto and Juniper are availabe.

does the vendor matter or is it for all syslog the same?



New Contributor

Re: Clearpass user isolation by Fortigate virus detection

Have you had any success with this?

I note that the following link states dictionaries for ingress control with fortinet are included as of 6.6.1


The new Ingress Event Engine enables ClearPass to process Syslog events from third-party devices to make

policy changes in realtime. For example: (#28446, #29415, #30254, #32451)

-  A third-party device could signal to a ClearPass appliance to quarantine or block a user if the contents indicate the presence of malware.

- Syslog dictionaries from leading vendors such as Palo Alto Networks, Checkpoint, Juniper Networks, and Fortinet are included by default.


Search Airheads
Showing results for 
Search instead for 
Did you mean: