Hello Community Members,
Does anybody know how I should configure RSA Authentication Manager for RADIUS accounting?
I use RSA tokens for dial-up VPN authentication. I managed to set up the FortiGate VSA on RSA AM so it can give back the "Fortinet-Group-Name" attribute defined in the RADIUS profile to the FortiGate. For this reason, authentication works as expected.
To be able to create user-based policies in the firewall, I have to set up RADIUS Single Sign-On (RSSO). It means I have to use RADIUS accounting. I should get back the "Class" or "Fortinet-Group-Name" attribute in accounting messages.
I am attaching a diagram of how RSSO should work with Fortinet (Fortinet_RSSO.jpg). I am also attaching some pcap files containing RADIUS accounting messages (RADIUS_acct_request.jpg; RADIUS_acct_response.jpg). As you can see, the RADIUS accounting response message is an acknowledgement only.
Thanks and Best Regards,