Silver
New Contributor

Wireless Setup with Third Party

Dear All,

I would like some help with my scenario. The following will be used:

 

1) Fortinet Firewall

2) Third party Wireless Controller and access point

3) FortiAuthenticator

All my wireless clients will connect using the third-party access point. The wireless authentication will use EAP TLS, as all the users will need to use a certificate to connect to the wireless.

 

Can anyone help me with how to proceed with the setup and how to configure it? If I am not wrong, the setup should be as follows: wireless client ----> Wireless controller ----> Authenticator ----> Fortinet Firewall

 

Carl_Windsor_FTNT

I assume you are looking to do user identification and Identity Based Policy. How you integrate depends on which vendor. We can integrate with Aruba to detect logins using our API. For other vendors we can use either their RADIUS Accounting to FSSO (preferred) or Syslog to FSSO.

 

Carl 

Dr. Carl Windsor Field Chief Technology Officer Fortinet

Silver
New Contributor

Hello Carl,

Thank you for your reply. I will use a Ruckus wireless controller for this setup. Can you advise me how to configure it step by step? Which devices and authentication come first, and which follow?

 

Thanks

Carl_Windsor_FTNT

I have never worked with a Ruckus Wireless Controller; however, a quick Google shows that they have the ability to send a RADIUS Accounting packet to a third party device:

 

https://cloud4wi.zendesk.com/hc/en-us/articles/200537566-Ruckus-Wireless-devices-Controller-mode-and...

 

Send these to the FortiAuthenticator and use the FSSO RADIUS Accounting feature to translate them into FSSO User entries.  This should just be a case of translating the RADIUS Attribute values correctly e.g.

 

Username attribute: User-Name
Client IP attribute: Calling-Station-Id
User group attribute: Group

 

Dr. Carl Windsor Field Chief Technology Officer Fortinet
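
An added illustration of the RADIUS Accounting to SSO translation described in the reply above (not FortiAuthenticator's code and not from the thread): it checks the RFC 2866 Request Authenticator against the shared secret before mapping attributes to a logon event, because an unauthenticated packet could otherwise bind a username to an arbitrary IP. The shared secret, the sample packet and the use of Class (25) to carry the group are assumptions of this example.

```python
import hashlib, hmac, ipaddress, struct

# Standard attribute numbers (RFC 2865/2866). CLASS as the group carrier is an
# assumption of this example; the post only names the attribute "Group".
USER_NAME, CLASS, CALLING_STATION_ID, ACCT_STATUS_TYPE = 1, 25, 31, 40
ACCOUNTING_REQUEST = 4
STATUS = {1: "logon", 2: "logoff", 3: "update"}  # Start, Stop, Interim-Update

def build_accounting_request(secret, ident, attrs):
    """Constructed sample input: sign a packet the way a NAS would."""
    body = b"".join(bytes([n, len(v) + 2]) + v for n, v in attrs)
    head = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body

def to_sso_event(packet, secret):
    """Return {'user','ip','group','event'} or None if the packet is untrusted."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return None
    head, auth, body = packet[:4], packet[4:20], packet[20:length]
    # RFC 2866: Authenticator = MD5(Code + ID + Length + 16 zero octets + attrs + secret)
    expected = hashlib.md5(head + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(expected, auth):
        return None  # wrong secret or tampered packet: never create a logon from it
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            return None  # malformed attribute
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    status = attrs.get(ACCT_STATUS_TYPE, b"")
    event = STATUS.get(int.from_bytes(status, "big")) if len(status) == 4 else None
    try:  # mapping from the post: client IP is read from Calling-Station-Id
        ip = str(ipaddress.ip_address(attrs.get(CALLING_STATION_ID, b"").decode()))
        user = attrs[USER_NAME].decode()
    except (KeyError, ValueError):
        return None  # no username, or the attribute does not hold an IP address
    if not user or event is None:
        return None
    return {"user": user, "ip": ip, "event": event,
            "group": attrs.get(CLASS, b"").decode(errors="replace")}

SECRET = b"constructed-shared-secret"  # constructed values, not from the thread
SAMPLE = build_accounting_request(SECRET, 7, [
    (USER_NAME, b"alice"), (CALLING_STATION_ID, b"10.20.30.40"),
    (CLASS, b"Staff"), (ACCT_STATUS_TYPE, struct.pack("!I", 1))])
```

A packet whose Calling-Station-Id does not parse as an IP address is dropped here rather than turned into a logon, so check what your controller actually places in the mapped attribute before relying on it.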

Silver
New Contributor

Dear Carl,

I would like to do the same setup using a certificate for each client to connect to the wireless, instead of using a username and password from Windows AD.

Can you advise me how to do it?

I would like all my devices, such as Windows machines, iPads and mobile phones, to connect to the wireless network using only a certificate, and if there is no certificate on the device, it should not be able to connect to my network. For the mobile devices, can you also tell me how they will get the certificate installed on the device? I would also like my FortiAuthenticator to act as my root CA and provide the device certificates for my devices.

 

Thanks 

Silver
New Contributor

Hi,

Any help, please?

Carl_Windsor_FTNT

To perform client certificate based authentication you would need to configure your auth client and wireless device to use EAP/TLS. 

 

PM me and I will send you a link to the draft EAP/TLS Guide for you to take a look at.

Dr. Carl Windsor Field Chief Technology Officer Fortinet

Silver
New Contributor

Hi Carl,

 

Thank you for your reply. Please do not forget to share the link with me.

Do I need to create a certificate for each user, or how does it work? I would like to link to an LDAP user and at the same time use a certificate, or if there is no need to link with LDAP, I will only use a certificate for wireless authentication.

 

Awaiting your plz

Thanks

Silver
New Contributor

Hi,

Any update, please?

seadave
Contributor III

Looking to do something similar with Ruckus.  This post uses NPS and user domain logins to register users with FSSO.  Might have some content that is relevant to your solution:

 

http://travelingpacket.com/2015/07/23/fortigate-radius-sso-with-ruckus-802-1x-logins-using-nps/

 
