1. About this Guide
This guide has been created to help sales engineers, product managers, or network specialists demonstrate the PacketFence capabilities on-site with an existing or potential customer. It can also provide guidelines for setting up a proof of concept for a potential PacketFence deployment using the FortiGate firewall.
You have a configured PacketFence environment with working test equipment;
You have a FortiGate firewall.
3. Quick installation
3.1. Step 1: Configuration of the RSSO Agent
Go to your FortiGate administration webpage in User & Device → User → User Groups → Create New.
Type: RADIUS Single Sign-On (RSSO)
RADIUS Attribute Value: RSSO_Student (use the PacketFence role name; it is case sensitive)
You can also see this in the web interface at User & Device → Monitor → Firewall.
3.2. Step 2: Configure the endpoint attribute
The default endpoint attribute is Calling-Station-Id, so the MAC address shows up under User Name. This can be changed in the CLI:
config user radius
    edit RSSO_agent
        set rsso-endpoint-attribute User-Name
end
3.3. Step 3: Activate the Accounting Listening
Go to System → Network → Interfaces.
Select the interface that will communicate with PacketFence and check Listen for RADIUS Accounting Messages then confirm.
3.4. Step 4: SSO Configuration in PacketFence
Go to Configuration → Integration → Firewall SSO → Add Firewall → FortiGate.
Hostname or IP Address: IP of your firewall
Secret or Key: secret (RADIUS shared secret)
Roles: add the roles for which you want to do SSO
3.5. Step 5: Verification
To check that it is working, log into the firewall over SSH and run the following commands:
di debug enable
di debug application radiusd -1
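
The accounting message that steps 2 to 4 depend on can also be checked offline. The Python below is an added example, not code from PacketFence or Fortinet: it verifies the RFC 2866 Request Authenticator against the shared secret and shows which value the firewall would list as the user for each endpoint attribute. It assumes the role is carried in the Class attribute; the function names and the sample packet values are constructed for illustration.

```python
import hashlib, hmac, socket, struct

# Standard RADIUS attribute numbers (RFC 2865/2866)
NAMES = {1: "User-Name", 8: "Framed-IP-Address", 25: "Class",
         31: "Calling-Station-Id", 40: "Acct-Status-Type"}

def authenticator(code, ident, attrs, secret):
    """RFC 2866 Request Authenticator: MD5(code|id|len|16 zero bytes|attrs|secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(head + bytes(16) + attrs + secret).digest()

def parse_accounting(packet, secret):
    """Validate an Accounting-Request and return its known attributes as a dict."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != 4 or length != len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    attrs = packet[20:]
    if not hmac.compare_digest(packet[4:20], authenticator(code, ident, attrs, secret)):
        raise ValueError("Request Authenticator mismatch (wrong shared secret?)")
    out, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        kind, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if kind in (8, 40) and len(value) != 4:
            raise ValueError("attribute %d must be 4 bytes" % kind)
        if kind == 8:
            out[NAMES[kind]] = socket.inet_ntoa(value)
        elif kind == 40:
            out[NAMES[kind]] = struct.unpack("!I", value)[0]
        elif kind in NAMES:
            out[NAMES[kind]] = value.decode("utf-8", "replace")
    return out

def rsso_mapping(attrs, endpoint_attribute="Calling-Station-Id", sso_attribute="Class"):
    """What the firewall would record: (endpoint shown as user, group, IP)."""
    return attrs.get(endpoint_attribute), attrs.get(sso_attribute), attrs.get("Framed-IP-Address")

def build_sample(secret):
    """Constructed test packet (Acct-Status-Type Start); all values are made up."""
    tlv = lambda t, v: bytes([t, len(v) + 2]) + v
    attrs = (tlv(40, struct.pack("!I", 1)) + tlv(1, b"alice") + tlv(25, b"RSSO_Student")
             + tlv(31, b"00:11:22:33:44:55") + tlv(8, socket.inet_aton("192.0.2.10")))
    return struct.pack("!BBH", 4, 7, 20 + len(attrs)) + authenticator(4, 7, attrs, secret) + attrs
```

The authenticator is the only integrity check on these messages, so the shared secret from step 4 should be long and random, and the interface enabled in step 3 should accept accounting traffic only from the PacketFence server.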