Tim29
New Contributor

NPS Accounting to Fortigate

Hi

We are currently setting up Radius AD and we need to pass the credentials from Windows NPS to Fortigate.

I've been looking through the guides on how to do this, but I cannot get our Domain Controller to pass the information over to Fortigate. After I have logged onto the Guest wifi, it will see it as just an IP on the Logs.

I have tested it with the NTRadPing Utility on 1813 for Accounting Start and this comes up with Successful, but if I add in an Attribute of Acct-Status-Type=Start it then times out. On NPS I'm not totally sure I have got the Attributes correct to pass to Fortigate correctly. I've got the same value in the Radius Attribute Value that I have in class on NPS; as testing I have used unrestricted, but what I cannot find is what that should be corresponding to. Is this just a value I make up, or does this link to something else in Fortigate? I've been looking over the last few days and I'm just getting confused now!

Thanks

xsilver_FTNT
Staff

Hi Tim29,

It seems to me that you'd like to authorize the traffic from users who authenticated to WiFi via NPS.

Then I guess you are looking for something called RSSO in the FortiGate world.

This is basically RADIUS Accounting packets processed by FortiGate to create authorized users, and then to authorize their traffic and log such transfers through the firewall.

I would start, for example, from here: the Docs site shows what the final logging looks like, and it also contains links to the prerequisite setup of the RSSO Agent: https://docs.fortinet.com/document/fortigate/6.4.1/administration-guide/266545/rsso-information-for-...

HINT: The RADIUS server (NPS in your case) is usually NOT the source of Accounting data, and does not need to be. The NAS (the RADIUS client) usually IS the source. In your case it could be the Wireless Controller (WLC) or Access Point (AP).

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
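
An added example, not part of either post and not Fortinet code: the Accounting-Request (Start) that a NAS such as a WLC or AP sends to UDP 1813, built per RFC 2866, together with the authenticator check a receiver performs before trusting the user-to-IP mapping. The function names, shared secret, user name, IP address and session ID are constructed for illustration, and which attributes an RSSO agent actually reads depends on its configuration.

```python
import hashlib
import hmac
import socket
import struct

ACCOUNTING_REQUEST = 4                      # RADIUS code, RFC 2866
USER_NAME, FRAMED_IP, CLASS = 1, 8, 25      # attribute types, RFC 2865
ACCT_STATUS_TYPE, ACCT_SESSION_ID = 40, 44  # attribute types, RFC 2866
ACCT_START = 1

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (header included), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_acct_start(secret, ident, user, ip, cls, session):
    """Build the Accounting-Request (Start) a NAS would send to UDP 1813."""
    attrs = b"".join([
        attr(USER_NAME, user.encode()),
        attr(FRAMED_IP, socket.inet_aton(ip)),
        attr(CLASS, cls.encode()),
        attr(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_START)),
        attr(ACCT_SESSION_ID, session.encode()),
    ])
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    # RFC 2866: MD5(code + id + length + 16 zero octets + attributes + secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def parse_acct(packet: bytes, secret: bytes) -> dict:
    """Receiver side: verify the authenticator, then decode the attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad authenticator: shared secret mismatch or tampering")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

if __name__ == "__main__":
    # Constructed sample values; "unrestricted" is the Class value from the question.
    pkt = build_acct_start(b"constructed-secret", 1, "guest1", "192.0.2.10", "unrestricted", "sess-0001")
    print(parse_acct(pkt, b"constructed-secret"))
```

Because the authenticator covers every attribute plus the shared secret, a receiver rejects a packet whose secret does not match instead of acting on its contents.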
