Fortinet black logo

Administration Guide

Configuring FortiAnalyzer

Configuring FortiAnalyzer

On the FortiAnalyzer, you need to configure the RADIUS server and create an administrator that uses the RADIUS server for authentication.

Configure the RADIUS server:
  1. Go to System Settings > Admin > Remote Authentication Server.
  2. Click Create New > RADIUS in the toolbar.
  3. Configure the following settings, then click OK.

    Name

    Enter a name to identify the FortiAuthenticator.

    Server Name/IP

    Enter the IP address or fully qualified domain name of your FortiAuthenticator.

    Server Secret

    Enter the FortiAuthenticator secret.

    Secondary Server Name/IP

    Enter the IP address or fully qualified domain name of the secondary FortiAuthenticator, if applicable.

    Secondary Server Secret

    Enter the secondary FortiAuthenticator secret, if applicable.

    Port

    Enter the port for FortiAuthenticator traffic.

    Authentication Type

    Select the authentication type the FortiAuthenticator requires. If you select the default ANY, FortiAnalyzer tries all authentication types.

    Note: RADIUS server authentication for local administrator users stored in FortiAuthenticator requires the PAP authentication type.

Create the administrator:
  1. Go to System Settings > Admin > Administrator.
  2. Click Create New from the toolbar.
  3. Configure the settings, selecting the previously added RADIUS server from the RADIUS Server dropdown list. See Creating administrators.
  4. Click OK to save the settings.
Test the configuration:
  1. Attempt to log in to the FortiAnalyzer GUI with your new credentials.
  2. Enter your user name and password and click Login.
  3. Enter your FortiToken pin code and click Submit to log in to the FortiAnalyzer.

Configuring FortiAnalyzer

On the FortiAnalyzer, you need to configure the RADIUS server and create an administrator that uses the RADIUS server for authentication.

Configure the RADIUS server:
  1. Go to System Settings > Admin > Remote Authentication Server.
  2. Click Create New > RADIUS in the toolbar.
  3. Configure the following settings, then click OK.

    Name

    Enter a name to identify the FortiAuthenticator.

    Server Name/IP

    Enter the IP address or fully qualified domain name of your FortiAuthenticator.

    Server Secret

    Enter the FortiAuthenticator secret.

    Secondary Server Name/IP

    Enter the IP address or fully qualified domain name of the secondary FortiAuthenticator, if applicable.

    Secondary Server Secret

    Enter the secondary FortiAuthenticator secret, if applicable.

    Port

    Enter the port for FortiAuthenticator traffic.

    Authentication Type

    Select the authentication type the FortiAuthenticator requires. If you select the default ANY, FortiAnalyzer tries all authentication types.

    Note: RADIUS server authentication for local administrator users stored in FortiAuthenticator requires the PAP authentication type.

Create the administrator:
  1. Go to System Settings > Admin > Administrator.
  2. Click Create New from the toolbar.
  3. Configure the settings, selecting the previously added RADIUS server from the RADIUS Server dropdown list. See Creating administrators.
  4. Click OK to save the settings.
Test the configuration:
  1. Attempt to log in to the FortiAnalyzer GUI with your new credentials.
  2. Enter your user name and password and click Login.
  3. Enter your FortiToken pin code and click Submit to log in to the FortiAnalyzer.