From 62c7383d2f8a7b98ee873086c2c2b5824a6252b0 Mon Sep 17 00:00:00 2001
From: lyubomirtraykov <lyubomir.traykov@gmail.com>
Date: Mon, 29 Jun 2020 09:24:26 +0300
Subject: [PATCH] Add FortiGate Role Based Enforcement

---
 lib/pf/Switch/Fortinet/FortiGate.pm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/lib/pf/Switch/Fortinet/FortiGate.pm b/lib/pf/Switch/Fortinet/FortiGate.pm
index e47ff3258eb7..fd7e9c706617 100644
--- a/lib/pf/Switch/Fortinet/FortiGate.pm
+++ b/lib/pf/Switch/Fortinet/FortiGate.pm
@@ -48,6 +48,7 @@ use pf::SwitchSupports qw(
     WirelessMacAuth
     WiredMacAuth
     WirelessDot1x
+    RoleBasedEnforcement
     VPN
 );
 
@@ -159,6 +160,18 @@ sub getAcceptForm {
     return $html_form;
 }
 
+=item returnRoleAttribute
+
+What RADIUS Attribute (usually VSA) should the role returned into.
+
+=cut
+
+sub returnRoleAttribute {
+    my ($self) = @_;
+
+    return 'Fortinet-Group-Name';
+}
+
 =item deauthenticateMacDefault
 
 Overrides base method to send Acct-Session-Id within the RADIUS disconnect request