https://community.cisco.com/t5/wireless/mr-access-point-integration-with-fortigate/m-p/5504880#M302495 Thx for the quick answer.<BR />with the authentication by RADIUS server, the FortiGate will decide only the access but the security policies will be settings on the Meraki cloud or will those on the fortigate be applied? Mon, 16 Mar 2020 12:31:05 GMT DavideUrsino 2020-03-16T12:31:05Z https://community.cisco.com/t5/wireless/mr-access-point-integration-with-fortigate/m-p/5504878#M302493 <P>Good Morning to all,</P><P>I have a question reguarding authentication with Firewall FortiGate as Access Control,</P><P>I would like the FortiGate took over the role of "WiFi controller" and centralized all the client authorization,</P><P>Is it also possible to tag traffic from clients with VLANs created on Fortigate? </P><P>Thanks in advance for your reply</P> Mon, 16 Mar 2020 10:22:30 GMT https://community.cisco.com/t5/wireless/mr-access-point-integration-with-fortigate/m-p/5504878#M302493 DavideUrsino 2020-03-16T10:22:30Z https://community.cisco.com/t5/wireless/mr-access-point-integration-with-fortigate/m-p/5504879#M302494 <P>If the Fortigate can be a radius server then you can use it for wireless client authentication. You can't use it as a full wireless controller as the Meraki cloud is that.</P> Mon, 16 Mar 2020 10:35:57 GMT https://community.cisco.com/t5/wireless/mr-access-point-integration-with-fortigate/m-p/5504879#M302494 CMR 2020-03-16T10:35:57Z https://community.cisco.com/t5/wireless/mr-access-point-integration-with-fortigate/m-p/5504880#M302495 Thx for the quick answer.<BR />with the authentication by RADIUS server, the FortiGate will decide only the access but the security policies will be settings on the Meraki cloud or will those on the fortigate be applied? Mon, 16 Mar 2020 12:31:05 GMT https://community.cisco.com/t5/wireless/mr-access-point-integration-with-fortigate/m-p/5504880#M302495 DavideUrsino 2020-03-16T12:31:05Z https://community.cisco.com/t5/wireless/mr-access-point-integration-with-fortigate/m-p/5504881#M302496 <P>You can either use the Tunnel-Private-Group-ID attribute to dynamically specify the VLAN the wireless user should be placed into:</P><P><A href="https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise#Supported_RADIUS_Attributes" target="_blank" rel="nofollow noopener noreferrer">https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise#Supported_RADIUS_Attributes</A></P><P>Or you can create a Meraki group policies assigning whatever you want. Then use the Filter-Id attribute to specify which group policies to assign to whatever users you want.</P><P><A href="https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Using_RADIUS_Attributes_to_Apply_Group_Policies" target="_self" rel="nofollow noopener noreferrer">https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Using_RADIUS_Attributes_to_Apply_Group_Policies</A> </P> Mon, 16 Mar 2020 18:10:27 GMT https://community.cisco.com/t5/wireless/mr-access-point-integration-with-fortigate/m-p/5504881#M302496 Philip D'Ath 2020-03-16T18:10:27Z