RADIUS SSO example

Testing

Once configured, a user only needs to log on to their PC using their RADIUS account. After that when they attempt to access an Internet website, the FortiGate unit will use their session information to get their RADIUS information. Once the user is verified, they are allowed access to the website.

To test the configuration perform the following steps:

1. Have user ‘plee’ logon to their PC, and try to access an Internet website.

2. The FortiGate unit will contact the RADUS server for user plee’s information.

Once confirmed, plee will have access to the website.

Each step generates log entries that enable you to verify that each step was successful.

3. If a step is unsuccessful, confirm that your configuration is correct.

 

RADIUS SSO test

 

Troubleshooting

In the web-based manager, a good tool for troubleshooting is the packet counter column on the security policy page (Policy > Policy). This column displays the number of packets that have passed through this security policy. Its value when you are troubleshooting is that when you are testing your configuration (end to end connectivity, user authentication, policy use) watching the packet count for an increase confirms any other methods you may be using for troubleshooting. It provides the key of which policy is allowing the traffic, useful information if you expect a user to require authentication and it never happens. For more information about authentication security policies, see “Authentication in security policies”.

This section addresses how to get more information from the CLI about users and user authentication attempts to help troubleshoot failed authentication attempts.

diag firewall iprope list

Shows the IP that the computer connected from. This is useful to confirm authorization and VPN settings.

diag firewall iprope clear

Clear all authorized users from the current list. Useful to force users to re-authenticate after system or group changes. However, this command may easily result in many users having to re-authenticate, so use carefully.

diag rsso query ip

diag rsso query rsso-key

Queries the RSSO database.

For more information on troubleshooting specific features, go to that section of this document. Most sections have troubleshooting information at the end of the section. In addition to that information, see the FortiOS Handbook Troubleshooting guide for general troubleshooting information.

 


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Name *
Email *
Website

This site uses Akismet to reduce spam. Learn how your comment data is processed.