Hi, nice and clear video. Loved it. I would like to ask one question that, can we authenticate the fortiap wifi by using wpa3 enterprise or wpa3 sae via cisco ise as a radius which eventually authenticate user from AD. Waiting for your quick response.
Hi thansk for that. Short answer: I tried and it didn't work. It's not a straight process, but that you can tell because you probably won't find any documentation about it. I know Fortigate-FortiAP works well with Microsoft NPS and Azure for saml authentication.
@@silesiocarvalho thank you for reading my comment and reply. I tried and i successfully authenticated the ssid using wpa3 enterprise via cisco ise through AD user. Glad i am successful in a first try. But i am working on dynamic vlan assignment for AD OU groups. If you have some documents on this regards, please suggest/guide me on the cisco ise. Thanks once again.
I have to thank you for that. For some reason ISE doesn't work well with fortigate for WPA2/3 Enterprise. But ISE relay authenticatoin to AD works. Just tried after reading your comment. For dynamic vlan assignment watch the video below. th-cam.com/video/yLc4xfz9bLM/w-d-xo.html Additionally integratingit.wordpress.com/2018/05/07/configuring-cisco-ise-dynamic-vlan-assignment/
Great video! Congrats! I have a doubt, regarding the accounting function on ISE. If you make any changes in the FG (CLI or GUI) you can see logs in the Cisco ISE? Regards
Hi, you can check on this link: community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-TACACS-authentication-and/ta-p/192810#:~:text=FortiGate%20provides%20support%20for%20many,and%20wait%20for%20its%20response.
Hi there Silesio, this guide was perfect. I have done some stuff not like it as i use Radius groups instead of local ISE users. but when i try to login on the FortiGate, i see no traffic going to my ISE. only if i test the connection to the server i see traffic
Hello Carvalho. Thanks for the instruction. Help me with this problem. My Radius server is located on one of our corporate network sites. When I try to connect to Fortigate via Radius, I see that my Foritgate request goes to the Radius server through the global routing table. For MGMT, I created a separate VRF and placed a subnet in it. How do I tell the request to the Radius server to be sent through the new VRF?
As radius still in global routing table, you'll have to leak from mgmt vrf to global routing table. Just google Route Leaking Fortigate. There are a lot of examples.
Hi, nice and clear video. Loved it.
I would like to ask one question that, can we authenticate the fortiap wifi by using wpa3 enterprise or wpa3 sae via cisco ise as a radius which eventually authenticate user from AD. Waiting for your quick response.
Hi thansk for that. Short answer: I tried and it didn't work. It's not a straight process, but that you can tell because you probably won't find any documentation about it. I know Fortigate-FortiAP works well with Microsoft NPS and Azure for saml authentication.
@@silesiocarvalho thank you for reading my comment and reply.
I tried and i successfully authenticated the ssid using wpa3 enterprise via cisco ise through AD user. Glad i am successful in a first try. But i am working on dynamic vlan assignment for AD OU groups. If you have some documents on this regards, please suggest/guide me on the cisco ise.
Thanks once again.
I have to thank you for that. For some reason ISE doesn't work well with fortigate for WPA2/3 Enterprise. But ISE relay authenticatoin to AD works. Just tried after reading your comment.
For dynamic vlan assignment watch the video below.
th-cam.com/video/yLc4xfz9bLM/w-d-xo.html
Additionally
integratingit.wordpress.com/2018/05/07/configuring-cisco-ise-dynamic-vlan-assignment/
Great video. Can you please share the diagram/topology that you used for this demo?
Thanks. Don't have anymore😬
Great video! Congrats!
I have a doubt, regarding the accounting function on ISE.
If you make any changes in the FG (CLI or GUI) you can see logs in the Cisco ISE?
Regards
Tks. I haven't tried yet.
you are great sir is there any way to use tacacs protocol instead of radius
Hi, you can check on this link: community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-TACACS-authentication-and/ta-p/192810#:~:text=FortiGate%20provides%20support%20for%20many,and%20wait%20for%20its%20response.
Hi there Silesio, this guide was perfect. I have done some stuff not like it as i use Radius groups instead of local ISE users. but when i try to login on the FortiGate, i see no traffic going to my ISE.
only if i test the connection to the server i see traffic
Tks
@@silesiocarvalho Sorry, what do Tks stand for? :)
Hello Carvalho. Thanks for the instruction. Help me with this problem. My Radius server is located on one of our corporate network sites. When I try to connect to Fortigate via Radius, I see that my Foritgate request goes to the Radius server through the global routing table. For MGMT, I created a separate VRF and placed a subnet in it. How do I tell the request to the Radius server to be sent through the new VRF?
As radius still in global routing table, you'll have to leak from mgmt vrf to global routing table. Just google Route Leaking Fortigate. There are a lot of examples.
What is the ise network device profile? Use cisco profile will do the work? Thanks
Yes
good tutorial bro. Can you make an ISE course on Udemy too, bro?
That's an awesome idea. For sure next year. 😉. Stay tuned