Configuring Duo authentication server support

You can configure FortiADC to support a Duo RADIUS authentication server.

Basic steps:
  1. Configure a connection to a RADIUS server that can authenticate administrator or user logins.
  2. Select the RADIUS server configuration when you add administrator users or user groups.

Before you begin:

  • You must know the IP address, port, authentication protocol, and shared secret used to access the RADIUS server.
  • You must have Read-Write permission for System settings.
To configure duo authentication support:
  1. Go to User Authentication > Remote Server.
  2. Select the RADIUS Server tab.
  3. Click Create New to display the configuration editor.
  4. Complete the configuration as described in Configuring Duo authentication server support.
  5. Save the configuration.

Configure Duo authentication support

Settings Guidelines


Name the configuration to something like "Duo RADIUS" to differentiate it from other RADIUS server configurations.


Enter the IP address or DQDN of the Duo RADIUS proxy.


Specify the listening port of the Duo RADIUS proxy.

Shared Secret

Enter the RADIUS secret configured on the Duo RADIUS proxy.

Authentication Protocol

Be sure to select PAP for Duo RADIUS support.


Specify the amount of time that FortiADC must wait for responses from the remote RADIUS server before it times out the connection. Valid values are from 5 to 60 seconds. For Duo RADIUS support, we recommend using 60 seconds.

You can also configure a Duo RADIUS server using the following commands from the Console:

config user radius
			edit <name>
			set auth-type {chap|ms_chap|ms_chapv2|pap}
			set port <integer>
			set secret <password>
			set server <string>
			set timeout <integer>
			set vdom <datasource>