
Configure TACACS+ in FortiGate firewall with ISE

HARIHARAN S
Level 1

I had configured the FortiGate firewall with TACACS+ commands and all is running fine. But I can't log in with my local admin user account.

I configured that my AD users should have only limited access. 

Now I can log in only through my AD user accounts; I can't log in through the local admin account.

Commands as follows:

Enable TACACS+ through CLI
FG # config user tacacs+
FG (tacacs+) # edit "TACACS-SRV"
FG (TACACS-SRV) # set server "192.168.100.210"
FG (TACACS-SRV) # set key Test123
FG (TACACS-SRV) # set authen-type pap
FG (TACACS-SRV) # set authorization enable
FG (TACACS-SRV) # next
FG (tacacs+) # end

 

Accepted Solutions

FortiGate always tries all authentication methods to find the user. Is the username the same, though, in both ISE and the local account? The TACACS+ authentication will always try first; if this fails due to a bad password, the process will stop.


Thanks for your support.

The username is different for ISE and the local account. I reset the firewall and reconfigured the TACACS+ configuration. Now I can log in to my firewall with my local user account.
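
The thread shows only the TACACS+ server definition. The following is an added example, not part of the original posts, of the administrator side on FortiOS: a wildcard admin for TACACS+ users next to a local admin whose name differs from any ISE account. The names "TACACS-ADMINS", "tacacs-wildcard", "localadmin" and "limited-access", and the password placeholder, are assumptions.

```fortios
# Added example; all names below except "TACACS-SRV" are assumptions.
# Group that references the TACACS+ server defined in the original post.
config user group
    edit "TACACS-ADMINS"
        set member "TACACS-SRV"
    next
end

config system admin
    # Wildcard admin: any user the TACACS+ server accepts logs in with
    # the restricted profile. "limited-access" is assumed to already
    # exist under "config system accprofile".
    edit "tacacs-wildcard"
        set remote-auth enable
        set wildcard enable
        set remote-group "TACACS-ADMINS"
        set accprofile "limited-access"
    next
    # Local admin checked against the FortiGate's own password store.
    # Its name is chosen so that it does not exist in ISE or AD.
    edit "localadmin"
        set accprofile "super_admin"
        set password <strong-local-password>
    next
end
```

Test the local account from a second session before closing the one used to make the change, so a mistake does not lock out administrative access.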