Hello everyone,
My RADIUS device is a MAG2600 (UAC). My firewall is a FortiGate 100D, and I am having a hard time getting RADIUS set up for admin login into the FW itself.
I know my issue is more so on the MAG2600 and the VSA dct file I have to manually configure.
This is what Fortinet provides, which doesn't work at all:
VENDOR Fortinet 12356
BEGIN-VENDOR Fortinet
ATTRIBUTE Fortinet-Group-Name 1 string
ATTRIBUTE Fortinet-Client-IP-Address 2 ipaddr
ATTRIBUTE Fortinet-Vdom-Name 3 string
ATTRIBUTE Fortinet-Client-IPv6-Address 4 octets
ATTRIBUTE Fortinet-Interface-Name 5 string
ATTRIBUTE Fortinet-Access-Profile 6 string
#
# Integer Translations
#
END-VENDOR Fortinet
This is what I created, and it seems to be half working, as I am now able to see these options under the RADIUS attributes section:
@radius.dct
#
# Fortinet specific parameters
#
MACRO Fortinet-VSA(t,s) 26 [vid=12356 type1=%t% len1=+2 data=%s%]
# This is the one I have set up on the FortiGate
ATTRIBUTE Fortinet-Group-Name Fortinet-VSA(1, string) r
ATTRIBUTE Fortinet-Client-IP-Address Fortinet-VSA(2, ipaddr) r
ATTRIBUTE Fortinet-Vdom-Name Fortinet-VSA(3, string) r
ATTRIBUTE Fortinet-Client-IPv6-Address Fortinet-VSA(4, octets) r
ATTRIBUTE Fortinet-Interface-Name Fortinet-VSA(5, string) r
ATTRIBUTE Fortinet-Access-Profile Fortinet-VSA(6, string) r
I guess my biggest question is: has anyone been able to get this to work? If so, do they have a config for the MAG and FortiGate they can share with me?
Thanks.
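
The wire layout that the MACRO line in the post describes, as an added example that is not part of the original post and not vendor code: RADIUS attribute 26 carrying vendor ID 12356, a one-byte sub-type, a one-byte length that counts the type and length bytes (the `len1=+2`), then the value. It builds one such attribute and decodes the VSAs from an attribute list, which is useful for comparing against a capture of the Access-Accept; the group and profile values are constructed.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for VSAs (the "26" in the MACRO)
FORTINET_VID = 12356   # vid=12356
# Sub-attribute numbers as listed in the dictionary in the post
FORTINET_SUBTYPES = {
    1: "Fortinet-Group-Name", 2: "Fortinet-Client-IP-Address",
    3: "Fortinet-Vdom-Name", 4: "Fortinet-Client-IPv6-Address",
    5: "Fortinet-Interface-Name", 6: "Fortinet-Access-Profile",
}

def encode_vsa(subtype: int, value: bytes, vendor_id: int = FORTINET_VID) -> bytes:
    """Build one attribute 26 holding a single vendor sub-attribute."""
    sub = bytes([subtype, len(value) + 2]) + value        # len1=+2: type + len + data
    total = 2 + 4 + len(sub)                              # header + vendor id + sub-attr
    if total > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return bytes([VENDOR_SPECIFIC, total]) + struct.pack("!I", vendor_id) + sub

def decode_vsas(attrs: bytes) -> list:
    """Return (vendor_id, name_or_number, data) for every VSA in an attribute list."""
    found, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError(f"malformed attribute at offset {i}")
        atype, body = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if atype != VENDOR_SPECIFIC:
            continue                                      # not a VSA, skip it
        if len(body) < 4:
            raise ValueError("VSA shorter than its vendor id")
        vendor_id, j = struct.unpack("!I", body[:4])[0], 4
        while j < len(body):
            if j + 2 > len(body) or body[j + 1] < 2 or j + body[j + 1] > len(body):
                raise ValueError(f"malformed sub-attribute in vendor {vendor_id}")
            stype, data = body[j], body[j + 2:j + body[j + 1]]
            j += body[j + 1]
            name = FORTINET_SUBTYPES.get(stype, stype) if vendor_id == FORTINET_VID else stype
            found.append((vendor_id, name, data))
    return found

# Constructed attribute list: Reply-Message (type 18) plus two Fortinet VSAs.
SAMPLE_ATTRS = (bytes([18, 4]) + b"ok"
                + encode_vsa(1, b"fw-admins")
                + encode_vsa(6, b"example-profile"))

if __name__ == "__main__":
    for vid, name, data in decode_vsas(SAMPLE_ATTRS):
        print(vid, name, data)
```

Values are returned as raw bytes, so the `ipaddr` and `octets` attributes still need their own interpretation.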