Configuring FortiGate as a RADIUS client

To configure FortiGate as a RADIUS client:

In Authentication > RADIUS Service > Clients, click Create New.
Enter a unique name for the RADIUS client and the IP address from which it will be connecting.
This is the IP address of the RADIUS client itself, here, FortiGate, not the IP address of the end-user's device.
You may enter a subnet or a range if this configuration applies to multiple FortiGates.
Enter a password for Secret.
The secret is a pre-shared secure password that the device, here, FortiGate, uses to authenticate to FortiAuthenticator.

Click OK to save changes to the RADIUS client.

If FortiGate provides RADIUS services to other users and for other tasks, you should configure a loopback interface. You can specify the RADIUS source IP address in the FortiGate CLI for the loopback interface.

To configure a loopback interface using the FortiGate CLI:

config user radius

edit FAC

set source-ip <ip address> #use the IP address configured in the RADIUS client on FortiAuthenticator.

end

Configuring FortiGate as a RADIUS client

To configure FortiGate as a RADIUS client:

In Authentication > RADIUS Service > Clients, click Create New.

Enter a unique name for the RADIUS client and the IP address from which it will be connecting.

This is the IP address of the RADIUS client itself, here, FortiGate, not the IP address of the end-user's device.

You may enter a subnet or a range if this configuration applies to multiple FortiGates.

Enter a password for Secret.

The secret is a pre-shared secure password that the device, here, FortiGate, uses to authenticate to FortiAuthenticator.

Click OK to save changes to the RADIUS client.

To configure a loopback interface using the FortiGate CLI:

config user radius

edit FAC

set source-ip <ip address> #use the IP address configured in the RADIUS client on FortiAuthenticator.

end

Cookbook

Configuring FortiGate as a RADIUS client