Send ISE RADIUS accounting message to another system

alibarzoodeh · ‎02-28-2016

Hi

is there possible ISE send RADIUS accounting to another system like Fortigate?

in my scenario, we have fortigate at edge block and ISE for dot1x user authentication.

we want enable Fortigate RADIUS Single Sign On with ISE as RADIUS Server.

jj27 · ‎02-29-2016

Yes you can send accounting messages to an external syslog server, but I'm not sure about what you are trying to do with the Fortigate and if it can accept Syslog messages or not.

If you go to Administration->Logging->Remote Logging targets and setup your Fortigate information then click Logging Categories from the Logging administration page and click on the Accounting->RADIUS accounting link in the list to configure the logs to be sent there.

jan.nielsen · ‎02-29-2016

Unfortunaly i think Fortigate expects radius accounting packets sent as they are originally from the switch or wlc as radius, not as syslog events. You cpuld probably have some sort of radius "proxy" set up to replicate the accounting packets to ise and to your fortigate.

steigja · ‎12-07-2016

Hello,

I have the same issue with trying to authenticate ISE with the Fortigate for radius SSO. Have you have any luck with this? Have you been able to use a radius proxy to transform the syslogs into radius accounting packets? Thanks

Jason

Van Liedekerke Wim · ‎06-14-2018

Hi,

was anybody able to crack this problem?

Thanks,

Wim

gabo · ‎10-19-2023

I see there is an enhancement bug to add this feature in ISE

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd83297