Creating the user and user group on the FortiAuthenticator

1. On the FortiAuthenticator, go to Authentication > User Management > Local Users and select Create New.

Enter a name for the user, enter and confirm a password, and be sure to disable Allow RADIUS authentication — RADIUS authentication is not required for this recipe.

Set Role as User, and select OK. New options will appear.

Make sure to enable Allow LDAP browsing — the user will not be able to connect to the FortiGate otherwise.



2. Create another user with the same settings. Later, you will use jgarrick on the FortiGate to query the LDAP directory tree on FortiAuthenticator, and you will use bwayne credentials to connect to the VPN tunnel.
3. Next go to Authentication > User Management > User Groups, and create a user group for the FortiGate users. Add the desired users to the group.