cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MR Access Point Integration with FortiGate

SOLVED
Highlighted
Conversationalist

MR Access Point Integration with FortiGate

Good Morning to all,

 

I have a question reguarding authentication with Firewall FortiGate as Access Control,

 

I would like the FortiGate took over the role of "WiFi controller" and centralized all the client authorization,

 

Is it also possible to tag traffic from clients with VLANs created on Fortigate?                   

 

Thanks in advance for your reply

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: MR Access Point Integration with FortiGate

You can either use the Tunnel-Private-Group-ID attribute to dynamically specify the VLAN the wireless user should be placed into:

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

 

 

Or you can create a Meraki group policies assigning whatever you want.  Then use the Filter-Id attribute to specify which group policies to assign to whatever users you want.

 

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Using_RADIUS_Attributes_to_Apply... 

View solution in original post

3 REPLIES 3
Highlighted
Kind of a big deal
Kind of a big deal

Re: MR Access Point Integration with FortiGate

If the Fortigate can be a radius server then you can use it for wireless client authentication.  You can't use it as a full wireless controller as the Meraki cloud is that.

Highlighted
Conversationalist

Re: MR Access Point Integration with FortiGate

Thx for the quick answer.
with the authentication by RADIUS server, the FortiGate will decide only the access but the security policies will be settings on the Meraki cloud or will those on the fortigate be applied?
Kind of a big deal

Re: MR Access Point Integration with FortiGate

You can either use the Tunnel-Private-Group-ID attribute to dynamically specify the VLAN the wireless user should be placed into:

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

 

 

Or you can create a Meraki group policies assigning whatever you want.  Then use the Filter-Id attribute to specify which group policies to assign to whatever users you want.

 

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Using_RADIUS_Attributes_to_Apply... 

View solution in original post

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.