Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
paul_wulf
New Contributor

Created on ‎03-29-2018 06:40 PM

8021x radius coa

Hi, I'm new with fortiap and fortigate. Does the fortigate/fortiap support a use case with 8021x and radius coa using an external radius server? Documentation of radius coa is refering to web portal use case. I appreciate any documentation or example.
5486
0 Kudos
3 REPLIES 3
emnoc
Esteemed Contributor III

Created on ‎03-30-2018 12:47 AM

Good question, I know coa is a feature supported in fortios. Who has used it fot wireless clients is  been my knowledge. You should test it out and build a report  based on your finding.

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1955
0 Kudos
Mike_FTNT
Staff
Staff
In response to emnoc

Created on ‎04-23-2018 11:27 AM

Yes, FortiGate WiFi Controller supports RADIUS CoA on WPA2-Enterprise SSID.

Please refer to:

https://docs.fortinet.com/uploaded/files/4296/fortigate-fortiwifi-and-fortiap-configuration-guide-60...

Find "CoA" at the end of page 40.

1955
0 Kudos
ron_lee
New Contributor
In response to Mike_FTNT

Created on ‎06-14-2018 12:18 AM

Yes, it supports radius authentication to MS-svr NPS, using Fortigate wifi as controller on 5.6.4 i have done it before. , setting up Dynamic vlan too. U will only see one SSID being broadcast, but  the vlan assignment will be done by the NPS server.

 

 

 

config wireless-controller vap edit "wifiVLAN 20" set vdom "root" set ssid "Wifi VL 20" set security wpa2-only-enterprise set auth radius set radius-server "nps" set local-bridging enable set schedule "always" set dynamic-vlan enable set alias vlan20" next

 

 

config user radius edit "RSSO Agent" set rsso enable set rsso-radius-response enable set rsso-validate-request-secret enable set rsso-secret ENC E9cLZfDJ+NyCHq7IvmcOb3Q1m6euYfq2CXoENBpcdYVG5G27NW8oFBSr4wFS0/DFlb7ZtlC7QrllvbCMKCbgEH/cOP/D3fS7CO8rtys6nb9ppLdoS7S4T7tgWFVZhe9+SQE6puM/Q75Frc48FRlgGV4mgYA3fX5uBS9D7zr4VTf3zsVQ0r+XSlu8ujeklpz1PVwKCg== set rsso-endpoint-attribute User-Name set rsso-context-timeout 0 set rsso-flush-ip-session enable next edit "NPS" set server "192.168.2.200" set secret ENC lhVTxUfCx+hCufi1DUq8tMKSykHrkjDZXdAPf5XbM7ROdKtE7YI0g7Q+HLe8Nc86IaBDrtSX9qGX5q4gSZWP81VQpsrvtC6GhdHD3Ql6N3tzfF+GCQ2CvPwL9rbiS3nXp+qOm99DdH5x6eSJANHLtKPPk+H2Dm8AmjXgrl/NPPxmnCc0c7+RiYrJ/NuOtSEhvr/xnw== set auth-type ms_chap_v2 config accounting-server edit 1 set status enable set server "192.168.2.200" set secret ENC N6LJ9Fk+OV17pWRsJtK4QU/UyaSzbUyBGPuOA/p6VREY3jrV0BHiSrcRrnxUPbwCPfLQLM+0LPve9MLuYmz5+PHz5Qq1NylKr/hTZ36M5Mdrl+gnJBrw7+Kqr5PvpRcKZxPJYR0GHSvNzM3lXoBBkJ0j15A9Mk/IZLjx1dXni/GHN2xpLj4GoapjVyLaa/cbyTMS0w== next end next end

1955
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.