Fortinet black logo

Cookbook

Configuring RADIUS client on FortiAuthenticator

Copy Link
Copy Doc ID 23809264-eafe-11eb-97f7-00505692583a:318160
Download PDF

Configuring RADIUS client on FortiAuthenticator

The FortiAuthenticator has to be configured to allow RADIUS clients to make authorization requests to it.

To create the RADIUS client:
  1. On the FortiAuthenticator, go to Authentication > RADIUS Service > Clients, and select Create New.
  2. Enter a Name, the IP address of the FortiGate, and set a Secret.
    The secret is a pre-shared secure password that the FortiGate will use to authenticate to the FortiAuthenticator.

To create the RADIUS policy:
  1. Go to Authentication > RADIUS Service > Policies, and select Create New.
  2. Enter the RADIUS policy name, description, and select the FortiGate RADIUS client.
  3. Do not configure RADIUS attribute criteria.
  4. Set the authentication type as Client Certificates (EAP-TLS).

  5. Choose a username format (in this example: username@realm), select the Local realm.
  6. Set the authentication method to Password only authentication.
  7. Review the RADIUS response, and click Save and Exit.

Configuring RADIUS client on FortiAuthenticator

The FortiAuthenticator has to be configured to allow RADIUS clients to make authorization requests to it.

To create the RADIUS client:
  1. On the FortiAuthenticator, go to Authentication > RADIUS Service > Clients, and select Create New.
  2. Enter a Name, the IP address of the FortiGate, and set a Secret.
    The secret is a pre-shared secure password that the FortiGate will use to authenticate to the FortiAuthenticator.

To create the RADIUS policy:
  1. Go to Authentication > RADIUS Service > Policies, and select Create New.
  2. Enter the RADIUS policy name, description, and select the FortiGate RADIUS client.
  3. Do not configure RADIUS attribute criteria.
  4. Set the authentication type as Client Certificates (EAP-TLS).

  5. Choose a username format (in this example: username@realm), select the Local realm.
  6. Set the authentication method to Password only authentication.
  7. Review the RADIUS response, and click Save and Exit.