Fortinet Document Library

Version:


Table of Contents

Cookbook

5.6.0
Download PDF
Copy Link

FortiConnect guest on-boarding using RSSO

This recipe describes the usage of RADIUS Single Sign-On (RSSO), using FortiGate, FortiConnect (for guest portal and RADIUS authentication), and FortiWLC (for providing wireless access). Captive Portal users will be mapped to user groups on the FortiGate, and security policies will be applied based on these user groups.

Authentication flow:

  1. User authenticates to WLC via a security profile, where a RADIUS authentication is established (802.1x / Captive Portal).
  2. WLC validates user credentials at RADIUS server.

  3. RADIUS servers authenticates user for access and sends access-accept back to WLC to allow connection (including class attribute).

  4. WLC allows device/user to establish wireless connection.

  5. WLC sends accounting packets to RADIUS server.

  6. RADIUS server proxies those accounting packets and forwards it to the FortiGate.

  7. FortiGate registers user and maps the user to an RSSO-user group.

FortiConnect guest on-boarding using RSSO

This recipe describes the usage of RADIUS Single Sign-On (RSSO), using FortiGate, FortiConnect (for guest portal and RADIUS authentication), and FortiWLC (for providing wireless access). Captive Portal users will be mapped to user groups on the FortiGate, and security policies will be applied based on these user groups.

Authentication flow:

  1. User authenticates to WLC via a security profile, where a RADIUS authentication is established (802.1x / Captive Portal).
  2. WLC validates user credentials at RADIUS server.

  3. RADIUS servers authenticates user for access and sends access-accept back to WLC to allow connection (including class attribute).

  4. WLC allows device/user to establish wireless connection.

  5. WLC sends accounting packets to RADIUS server.

  6. RADIUS server proxies those accounting packets and forwards it to the FortiGate.

  7. FortiGate registers user and maps the user to an RSSO-user group.