Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

RADIUS

If you have existing RADIUS servers, you may choose to continue using them with FortiAuthenticator by configuring them as remote RADIUS servers. This feature can also be used to migrate away from third-party two-factor authentication platforms.

When entering the remote RADIUS server information, if any information is missing or in the wrong format, error messages will highlight the problem for you.
To add a remote RADIUS server entry:
  1. Go to Authentication > Remote Auth. Servers > RADIUS and select Create New. The Create New RADIUS Server window opens.
  2. Enter the following information, then select OK to add the RADIUS server.
    Name Enter the name for the remote RADIUS server on FortiAuthenticator.
    Preferred auth. method Select from either MSCHAPv2 (by default), MSCHAP, CHAP, or PAP.
    Timeout

    Enter a timeout in seconds between 1-60 seconds (3 by default).

    Note that a high timeout may impact the processing rate of authentication requests if the remote RADIUS server becomes unresponsive.

    Primary Server Enter the server name or IP address, port, and secret in the fields provided to configure the primary server.
    Secondary Server Optionally, add redundancy by configuring a secondary server.
    User Migration

    Select Enable learning mode to record and learn users that authenticate against this RADIUS server. This option should be enabled if you need to migrate users from the server to the FortiAuthenticator.

    Select View Learned Users to view the list of learned users. See Learned RADIUS users.

RADIUS

If you have existing RADIUS servers, you may choose to continue using them with FortiAuthenticator by configuring them as remote RADIUS servers. This feature can also be used to migrate away from third-party two-factor authentication platforms.

When entering the remote RADIUS server information, if any information is missing or in the wrong format, error messages will highlight the problem for you.
To add a remote RADIUS server entry:
  1. Go to Authentication > Remote Auth. Servers > RADIUS and select Create New. The Create New RADIUS Server window opens.
  2. Enter the following information, then select OK to add the RADIUS server.
    Name Enter the name for the remote RADIUS server on FortiAuthenticator.
    Preferred auth. method Select from either MSCHAPv2 (by default), MSCHAP, CHAP, or PAP.
    Timeout

    Enter a timeout in seconds between 1-60 seconds (3 by default).

    Note that a high timeout may impact the processing rate of authentication requests if the remote RADIUS server becomes unresponsive.

    Primary Server Enter the server name or IP address, port, and secret in the fields provided to configure the primary server.
    Secondary Server Optionally, add redundancy by configuring a secondary server.
    User Migration

    Select Enable learning mode to record and learn users that authenticate against this RADIUS server. This option should be enabled if you need to migrate users from the server to the FortiAuthenticator.

    Select View Learned Users to view the list of learned users. See Learned RADIUS users.