FortiGate
hvardhang
Staff
Article Id 194877
Description
This article describes how to configure the NAS-IP in an SSL VPN realm, which can be used to override the NAS-IP configured in the RADIUS authentication server settings.


Solution
RADIUS authentication settings.

In the RADIUS settings, 172.31.128.33 is configured as the NAS-IP.





An SSL VPN realm called 'HR' is now configured, and it overrides the NAS-IP with '172.31.128.100'.
The settings below apply to the SSL VPN realm 'HR'. This option can be used when customers want to segregate departments or groups by NAS-IP address.
The RADIUS server authenticates and authorizes based on this information.
Each RADIUS server can be configured with multiple NAS-IPs for authenticating different groups and NAS clients.




FortiClient configuration.

The login URL for SSL VPN is https://172.31.128.33:10443/hr




The user connection being established:





Logs.

The NAS-IP 172.31.128.100, which is configured in the SSL VPN realm 'HR', overrides the NAS-IP in the RADIUS configuration.

The debug output for 'fnbamd' is shown below.




Sniffer.

In the ACCESS-REQUEST, the NAS-IP attribute is visible with the IP configured in the SSL VPN realm.




