
MAG2600 UAC with Fortigate FW

jbrunk_
New Contributor


Hello everyone,

My RADIUS device is a MAG2600 (UAC) and my firewall is a FortiGate 100D. I am having a hard time getting RADIUS set up for admin login into the FW itself.

I know my issue is more so on the MAG2600 and the VSA dct file I have to manually configure.

This is what Fortinet provides which doesn't work at all.

VENDOR Fortinet 12356
BEGIN-VENDOR Fortinet
ATTRIBUTE Fortinet-Group-Name 1 string
ATTRIBUTE Fortinet-Client-IP-Address 2 ipaddr
ATTRIBUTE Fortinet-Vdom-Name 3 string
ATTRIBUTE Fortinet-Client-IPv6-Address 4 octets
ATTRIBUTE Fortinet-Interface-Name 5 string
ATTRIBUTE Fortinet-Access-Profile 6 string
#
# Integer Translations
#
END-VENDOR Fortinet

This is what I created, and it seems to be working, as I am now able to see these options under the RADIUS attributes section.

@radius.dct

#
# Fortinet specific parameters
#

MACRO Fortinet-VSA(t,s) 26 [vid=12356 type1=%t% len1=+2 data=%s%]

# This is the one I have set up on the FortiGate
ATTRIBUTE Fortinet-Group-Name Fortinet-VSA(1, string) r
ATTRIBUTE Fortinet-Client-IP-Address Fortinet-VSA(2, ipaddr) r
ATTRIBUTE Fortinet-Vdom-Name Fortinet-VSA(3, string) r
ATTRIBUTE Fortinet-Client-IPv6-Address Fortinet-VSA(4, octets) r
ATTRIBUTE Fortinet-Interface-Name Fortinet-VSA(5, string) r
ATTRIBUTE Fortinet-Access-Profile Fortinet-VSA(6, string) r

I guess my biggest question is: has anyone been able to get this to work? If so, do they have a config for the MAG and FortiGate they can share with me?

Thanks.
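
The `Fortinet-VSA` macro in the post above describes the standard RADIUS vendor-specific attribute layout: type 26, vendor ID 12356, sub-attribute type, sub-attribute length (data + 2), then the data. As an added example that is not part of the original post or of Juniper's or Fortinet's tooling, this Python code builds and parses those bytes so an attribute seen in a packet capture can be checked against the dictionary; the sample values (`fw-admins`, `192.0.2.10`) are constructed.

```python
import ipaddress
import struct

FORTINET_VID = 12356   # vendor ID from the dictionary in the post
VSA = 26               # RADIUS Vendor-Specific attribute type (RFC 2865)
# Sub-attribute numbers and syntaxes as listed in the post's dictionary.
FORTINET_ATTRS = {
    1: ("Fortinet-Group-Name", "string"),
    2: ("Fortinet-Client-IP-Address", "ipaddr"),
    3: ("Fortinet-Vdom-Name", "string"),
    4: ("Fortinet-Client-IPv6-Address", "octets"),
    5: ("Fortinet-Interface-Name", "string"),
    6: ("Fortinet-Access-Profile", "string"),
}

def encode_vsa(vendor_type, data):
    """One VSA: 26, length, vid, vendor type, vendor length (data + 2), data."""
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    if len(sub) + 6 > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return struct.pack("!BBI", VSA, len(sub) + 6, FORTINET_VID) + sub

def _tlvs(buf):
    """Yield (type, value) pairs from a run of type/length/value fields."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def decode_fortinet_vsas(attrs):
    """Return {name: value} for every Fortinet sub-attribute in an attribute blob."""
    found = {}
    for a_type, body in _tlvs(attrs):
        if a_type != VSA or body[:4] != struct.pack("!I", FORTINET_VID):
            continue  # not a VSA, or a VSA from another vendor
        for v_type, value in _tlvs(body[4:]):
            name, syntax = FORTINET_ATTRS.get(v_type, ("Unknown-%d" % v_type, "octets"))
            if syntax == "string":
                found[name] = value.decode("utf-8", "replace")
            elif syntax == "ipaddr":
                found[name] = str(ipaddress.IPv4Address(value))
            else:
                found[name] = value.hex()
    return found

# Constructed sample: a Reply-Message (type 18) followed by two Fortinet VSAs.
SAMPLE = (bytes([18, 4]) + b"ok" + encode_vsa(1, b"fw-admins")
          + encode_vsa(2, ipaddress.IPv4Address("192.0.2.10").packed))
```

`decode_fortinet_vsas(SAMPLE)` returns the group name and client IP keyed by the dictionary names, which is what the firewall has to match against its configured group.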

filbert_
Frequent Contributor

Re: MAG2600 UAC with Fortigate FW

You might have better luck posting this in the Policy forum:

http://forums.juniper.net/t5/Identity-and-Policy-Control/bd-p/UnifiedAccessControl