Fortinet black logo

Cookbook

WiFi using FortiAuthenticator RADIUS with certificates

Copy Link
Copy Doc ID 52c06fe2-eb01-11eb-97f7-00505692583a:587192
Download PDF

This recipe will walk you through the configuration of FortiAuthenticator as the RADIUS server for a FortiGate wireless controller. WPA2-Enterprise with 802.1X authentication can be used to authenticate wireless users with FortiAuthenticator. 802.1X utilizes the Extensible Authentication Protocol (EAP) to establish a secure tunnel between participants involved in an authentication exchange.

EAP-TLS is the most secure form of wireless authentication because it replaces the client username/password with a client certificate. Every end user, including the authentication server, that participates in EAP-TLS must possess at least two certificates:

  1. A client certificate signed by the certificate authority (CA)
  2. A copy of the CA root certificate.

This recipe specifically focuses on the configuration of the FortiAuthenticator, FortiGate, and Windows 10 computer.

This recipe will walk you through the configuration of FortiAuthenticator as the RADIUS server for a FortiGate wireless controller. WPA2-Enterprise with 802.1X authentication can be used to authenticate wireless users with FortiAuthenticator. 802.1X utilizes the Extensible Authentication Protocol (EAP) to establish a secure tunnel between participants involved in an authentication exchange.

EAP-TLS is the most secure form of wireless authentication because it replaces the client username/password with a client certificate. Every end user, including the authentication server, that participates in EAP-TLS must possess at least two certificates:

  1. A client certificate signed by the certificate authority (CA)
  2. A copy of the CA root certificate.

This recipe specifically focuses on the configuration of the FortiAuthenticator, FortiGate, and Windows 10 computer.