This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fortinet Security Integration

Fortinet Security Integration

_up__bb_
New Contributor III

‎07-13-2016 01:48 PM

I have found a Solution Brief about a security integration about Extreme Networks and Fortinet,
http://learn.extremenetworks.com/rs/extreme/images/Fortinet-SB.pdf
We have a lot of customer with this two vendor and this type of integration can add value at our works, but I cannot find any doc that explain HOW TO deploy this type of scenario/integration ...
Is only a marketing doc or there are behind this partnership a real integration?
Someone have already made somthing similar?

Roberto
0 Kudos
15 REPLIES 15

Luca_Messori
New Contributor II

‎07-29-2016 07:54 AM

Hi Zdenek,

thank you for the reply.

Really, I'm little confusing on Extreme side of the configuration steps.

I think that (first of all) I have to add the FG to NAC switches: I think that this step will add the firewall to the list of Radius client. Good, but the Fortigate will not do Radius authetication sessions. Fortigate sould receive accounting information from the NAC, so I have to configure the NAC to send accounting info.

Where and how can I configure the NAC to send Accounting info to the fortigate?

Regards,

Luca

0 Kudos

Zdeněk_Pala
Extreme Employee
In response to Luca_Messori

‎07-29-2016 07:54 AM

It does not make sense to configure Fortigate as switch (radius client) in AccessControl (NAC) configuration. I do not expect you want Forgite send radius requests to AccessControlEngine (NAC-GW) to process.
Regards Zdeněk Pala
0 Kudos

Zdeněk_Pala
Extreme Employee
In response to Luca_Messori

‎07-29-2016 07:54 AM

the communication is between Management Center (NetSight) and Fortigate.
The communicaiton is NOT bewteen AccessControllEngine (NAC-GW) and Fortigate.

Configure IP address of Management Center as your radius server on the Fortigate = that means the Fortigate will understand the shared secret and will accept radius accounting from the Management Center.

Configure Extreme Connect (OneFabric Connect) module to talk to your fortigate.

---
client connects to the network access switch/AP, AccessControllEngine (NAC-GW) wil process it. when the IP resolution is done, the Management Center (NetSight) sends radius accounting to the Fortigate with appropriate radius attributes. finaly the fortigate knows IP-profile-username

good luck 
Regards Zdeněk Pala
0 Kudos

Zdeněk_Pala
Extreme Employee

‎07-29-2016 07:40 AM

Hi. Just follow the installation guide. The fortigate must be configured: management center (netsight) as radius server with correct shared secret.. From the terminology point of view the fortigate is the radius accounting server and management center is a radius accounting client. But the place where you configure it on the fortigate gui is little bit confusing. Z.
Regards Zdeněk Pala
0 Kudos

Luca_Messori
New Contributor II

‎07-29-2016 04:57 AM

Hi all,

I'm Luca, I'm working with Roberto in Fortigate integration.

I have read the Palo Alto document, but there is a big issue: Palo Alto devices integration is done using XML API (User API) but Fortigate integration should be done using RSSO (Radius SSO).

We have to configure "remote" Radius user group.

I'm reading the "old" One Fabric Connect install document, but it has some omission: the first one is how to tell NAC Radius server to consider Fortigate as a client. Now I will try to add it as a switch.

Have you got some suggestion?

Regards

0 Kudos
GTM-P2G8KFN