Refer to the exhibits. Examine the FortiGate RSSO configuration shown in the exhibit. FortiGate is set up to use RSSO for user authentication. It is currently receiving RADIUS accounting messages through port3. The incoming RADIUS accounting messages contain the username in the User-Name attribute and group membership in the Class attribute. You must ensure that the users are authenticated through these RADIUS accounting messages and accurately mapped to their respective RSSO user groups. Which three critical configurations must you implement on the FortiGate device? (Choose three answers)

A. The sso-attribute CLI setting in the RSSO agent configuration should be set to Class.
B. The rsso-endpoint-attribute CLI setting in the RSSO agent configuration should be set to User-Name.
C. RSSO user groups should be assigned to all firewall policies.
D. Device detection and Security Fabric Connection should be enabled on port3.
E. The RADIUS Attribute Value setting configured for an RSSO user group should match the Class RADIUS attribute value in the RADIUS accounting message.

Correct Answer: A,B,E

Brave-Dump Clients Votes

ABE 100%

Comments

Mario Kashio 2025-12-21 06:09:24

Selected Answers: A, B, E

❌ C. RSSO user groups should be assigned to all firewall policies.
❌ INCORRECT - RSSO groups only need to be used in policies that require user-based access
This is a policy design choice, not a technical requirement for RSSO to function

✅ B. The rsso-endpoint-attribute CLI setting in the RSSO agent configuration should be set to User-Name.
✔ CORRECT - rsso-endpoint-attribute defines how the user identity is extracted
The username is provided in the: User-Name attribute

Therefore:
set rsso-endpoint-attribute User-Name
is required.

Mo Rad 2026-02-14 01:39:31

Selected Answers: A, B, E

set rsso-endpoint-attribute User-Name
is required.