Hello, I am wanting to move from local accounts with Fortitokens to domain/Duo MFA for my FortiGate firewalls. They have added the Fortinet FortiGate Admin application to the list of what can be protected. After walking through the setup and documenta...
Hello,
Does anyone know if it’s possible to restore users from trash with the admin API? I can create and modify my users just fine, but if I try setting status to “active” on a user in trash it still keeps them as pending deletion albeit with a stat...
Hi,
We use DUO as our MFA for Cisco Anyconnect and it’s been working without issue. I am using RADIUS authentication for this. In the documentation and knowledge base I saw that you can list multiple radius_client sections and matching radius_server_...
Hi all, I have an ASA5512 running 9.0(4) with remote access VPN enabled using Anyconnect. I have a server running TACACS.net version 1.3.2 for my AAA. My firewall has the below commands:
aaa-server NAME protocol tacacs+
aaa-server NAME (inside) host X....
Is it possible to send AAA accounting data from my firewall for AnyConnect to my TACACS server? Mainly interested in remote user connected and disconnected data.
One article I was reading said using "aaa accounting enable console GROUPNAME" would sen...
I am going to mark my own post as the answer. It doesn't appear this is capable with AAA accounting alone. I had to trap syslog event 722051 in order to get the IP assigned from the VPN IP pool. You would think that would be something they would add ...
I was able to get what I was looking for using TACACS+ with the free TACACS.net software.
This was all in a GNS3 Lab so not worried about made up IP addresses.
Firewall config:
Specify server group and the host with key (I called it TACACS):
aaa-se...
Hello,
No, I can get the command accounting working fine. I am trying to get some basic accounting for VPN connections using the AnyConnect client. Similar to what the syslog gives:
%ASA-4-113019: Group = GroupName, Username = user, IP = X.X.X.X, Se...