
I have a FortiGate and I can connect it to Windows NPS radius, and the simple user test works (under User&Auth>>Radius Servers ...).

I then proceed to setup admin logins to the FortiGate, using AD accounts via Radius, and that works.

I then setup FortiGate SSLVPN login, and instruct it to use AD accounts via Radius, and it doesn't work.

But ... when I shift the SSLVPN Network Policy above the Web Admin Login policy, then logging into SSLVPN works, but logging into Fortigate website as an admin does not work.

Upon further investigation, I notice that the Fortigate passes to the radius server the following unique values during the login process:

For Web Login: AVP: t=Connect-Info(77) l=13 val=admin-login

For SSLVPN Login: AVP: t=Connect-Info(77) l=9 val=vpn-ssl

Question: How can I get Windows Radius to use these outputs to select the correct Network Policy to use?
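As an added illustration (not code from the question or the answer): a small Python parser for the RADIUS attribute TLVs, built around the two Connect-Info (type 77) values the question quotes, so that what the FortiGate actually sends, and therefore what NPS has available to match on, can be checked from a packet capture before a policy is built around it. The packets are constructed samples with a zeroed Request Authenticator; the user name `alice` and all helper names are assumptions.

```python
import struct

ACCESS_REQUEST = 1
USER_NAME = 1        # RADIUS attribute type User-Name
CONNECT_INFO = 77    # RADIUS attribute type Connect-Info (RFC 2869)

def build_access_request(attrs, identifier=1):
    """Build a minimal Access-Request from (type, value) pairs; authenticator zeroed (constructed sample)."""
    body = b"".join(struct.pack("BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body)) + bytes(16)
    return header + body

def parse_attributes(packet):
    """Walk the attribute TLVs after the 20-byte header; returns [(type, value_bytes), ...]."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("Length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        # Each attribute's Length covers type + length + value, so it is never below 2.
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        t, l = packet[pos], packet[pos + 1]
        attrs.append((t, packet[pos + 2:pos + l]))
        pos += l
    return attrs

def is_wellformed(packet):
    try:
        parse_attributes(packet)
        return True
    except ValueError:
        return False

def connect_info(packet):
    """Return the Connect-Info string the NAS sent, or None if absent."""
    for t, v in parse_attributes(packet):
        if t == CONNECT_INFO:
            return v.decode("ascii", "replace")
    return None

def classify_login(packet):
    """Map the two FortiGate Connect-Info values seen in the question to the requesting service."""
    return {"admin-login": "web-admin", "vpn-ssl": "sslvpn"}.get(connect_info(packet), "unknown")

# Constructed samples mirroring the two values from the question (l=13 and l=9 on the wire).
ADMIN_REQ = build_access_request([(USER_NAME, b"alice"), (CONNECT_INFO, b"admin-login")])
VPN_REQ = build_access_request([(USER_NAME, b"alice"), (CONNECT_INFO, b"vpn-ssl")], identifier=2)
```

The attribute length bytes the parser reads back (13 and 9) are the `l=` values from the capture, which is a quick way to confirm a trace was decoded correctly.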

1 Answer


This guide covers how to configure the NPS feature in Windows Server and the Fortigate authentication to require a specific group match for VPN authentication versus administrator authentication.

This blog (even though the pictures are gone) mentions some specifics on the admin user authentication group matching, as it needs to be configured separately.

  • You should construct the answer with code from your sources. You never know when the sites are not available anymore. Commented May 14 at 7:44
  • You're right, but it is a huge amount of information. Too big to cover here, and there is plenty of reliable support information from Fortinet and Microsoft for the general guides. These blogs are basically walkthroughs for those who want a more convenient answer. There are many YouTube and other sources as well. If someone wants to rebuild the whole guide here that is fine with me, but I don't think it can reasonably fit this kind of format without enough editing to make it less useful. Commented May 15 at 19:27
