The FortiAuthenticator has to be configured to allow RADIUS clients to make authorization requests to it.
- On the FortiAuthenticator, go to Authentication > RADIUS Service > Clients, and select Create New.
- Enter a Name, the IP address of the FortiGate, and set a Secret.
The secret is a pre-shared secure password that the FortiGate will use to authenticate to the FortiAuthenticator.
- Go to Authentication > RADIUS Service > Policies, and select Create New.
- Enter the RADIUS policy name, description, and select the FortiGate RADIUS client.
- Do not configure RADIUS attribute criteria.
- Set the authentication type as Client Certificates (EAP-TLS).
- Choose a username format (in this example: username@realm), select the Local realm.
- Set the authentication method to Password only authentication.
- Review the RADIUS response, and click Save and Exit.