Tuesday, June 7, 2016

FAZ setup for AAA access

In this blog we look at how simple the configuration for  AAA redundant with remote-group. Here a Fortianalyzer has been setup for AAA authentication via TACACS+

The 1st step is to define the AAA components



Then we can setup a "wildcard"  account with the type as "group".



Ensure that  set radius-accprofile-override is enable if you want to override access profiles via AAA.



Now you can use the  diag cmd to validate a remote-user and the profile.



Ken
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \

No comments:

Post a Comment