cancel
Showing results for 
Search instead for 
Did you mean: 

VPN users in XMC?

VPN users in XMC?

James_A
Valued Contributor

I’ve configured our VPN server (a Fortigate) to use ExtremeControl as a RADIUS server, which is working fine. But I was wondering how to view the sessions in XMC, since they don’t seem to show up in end-system events. Is it possible to view VPN connection history?

Bonus question: has anyone configured XMC to send back the Fortigate group VSAs?

8 REPLIES 8

James_A
Valued Contributor

The Fortigate is sending Calling-Station-Id, but it’s an IP address. From wireshark:

AVP: t=Calling-Station-Id(31) l=15 val=49.196.21.105

I’m guessing end-systems is keyed off MAC addresses though, not IP addresses.

For the VSAs, they were already available, so I edited the Fortigate switch config in the engine group, and created a new RADIUS attribute configuration with these attributes:

Fortinet-Group-Name=%LOGIN_LAT_GROUP%

Acct-Interim-Interval=600

I also made a new policy mapping with the correct Login-LAT-Group and then a profile that used it to put into the rules.

https://kb.fortinet.com/kb/documentLink.do?externalID=FD46414

Miguel-Angel_RO
Valued Contributor II

James,

 

You should be able to tweak a little bit your fortigate to send the needed radius attribute (Calling Station ID). Check this: https://kb.fortinet.com/kb/documentLink.do?externalID=FD39610

If you manage to send it, the records should appear in the end-systems tab

 

Mig

James_A
Valued Contributor

Yep, there’s entries in there as management logins. The information column has “This is an administrative request because Calling-Station-Id is not present” at the end. Which makes sense I guess.

Ronald_Dvorak
Honored Contributor

Hi James,

could you check > Alarm&Events > Events > Type: Access Control Engine

Do you see the login events in that view.

 

-Ron 

 

GTM-P2G8KFN