Fortinet VPN, Radius and groups

Our VPN appliance currently uses LDAP-linked groups for Portal Mapping that allows access to specific networks for each group.

However, it appears that with the Duo MFA config, we can no longer leverage groups because we have to replace the LDAP Remote Server with the Duo Radius server, which support told me will not recognize any groups.

That being the case, it almost looks like we would have to have a different Radius (DAP) server for each Portal Mapping in order to still specify network access. This seems quite excessive.

Anyone else encounter this hurdle? TIA

Hi @j-gray !

We have some knowledge base articles about Fortinet VPN that may help you.