FortiAuthenticator 6.5.0 Cookbook
Configuring user groups on the FortiGate

To configure user groups on the FortiGate:

Go to User & Device > User Groups and create two groups named the same as the ones created on the FortiAuthenticator.

Do not add any members to either group.
Configuring Azure
Configuring FortiAuthenticator
Configuring FortiGate
Results
SAML FSSO with FortiAuthenticator and Microsoft Azure AD
Creating a tenant in Azure Portal
Creating an enterprise application in Azure Portal
Setting up single sign-on for an enterprise application
Adding a user group SAML attribute to the enterprise application
Adding users to an enterprise application
Adding the enterprise application as an assignment
Registering the enterprise application with Microsoft identity platform and generating authentication key
Creating a remote OAuth server with Azure application ID and authentication key
Creating a remote SAML server
Setting up SAML SSO in FortiAuthenticator
Adding an FSSO agent
Configuring an interface to use an external captive portal
Configuring a policy to allow a local network to access Microsoft Azure services
Creating an exempt policy to allow users to access the captive portal
Results
Office 365 SAML authentication using FortiAuthenticator with 2FA in Azure/ADFS hybrid environment
Configure FortiAuthenticator as an SP in ADFS
Configure the remote SAML server on FortiAuthenticator
Configure SAML settings on FortiAuthenticator
Configure two-factor authentication on FortiAuthenticator
Configure FortiAuthenticator replacement messages
Results
SSL VPN SAML authentication using FortiAuthenticator with OneLogin as SAML IdP
Creating a OneLogin application
Configuring an application on OneLogin
Configuring application parameters on OneLogin
Configuring SSO on OneLogin
Granting user access to the application
Configuring a remote SAML server
Configuring a OneLogin realm
Creating remote SAML users
Configuring SAML IdP settings
Configuring FortiAuthenticator replacement message
Configuring FortiGate SP settings on FortiAuthenticator
Uploading SAML IdP certificate to the FortiGate SP
Creating SAML user and server
Mapping SSL VPN authentication portal
Increasing remote authentication timeout using FortiGate CLI
Configuring a policy to allow users access to allowed network resources
FortiGate SSL VPN with FortiAuthenticator as SAML IdP
Certificate management
FortiAuthenticator user management
SAML IdP and SP configurations
FortiGate user management
FortiGate SSL VPN configurations
FortiClient configurations
Testing and verification
Computer Authentication
Computer authentication using FortiAuthenticator with MS AD Root CA
Configure the certificates and Root CA
Configure LDAP users on FortiAuthenticator
Configuring the LDAP server
Creating a user realm
Creating a user group
Importing users with a remote user sync rule
Configure RADIUS authentication
Adding RADIUS attributes
Configuring the RADIUS client
Configuring the EAP server certificate
Creating a RADIUS policy
Configuring the RADIUS server on FortiGate
Configure the SSID and interface objects
Results
WiFi onboarding using FortiAuthenticator Smart Connect
Initial settings on FortiAuthenticator
Install certificates
Configure the RADIUS client settings
Configure the local root CA
Configure the EAP server certificate and CA for EAP-TLS
Option A - WiFi onboarding with Smart Connect and Google Workspace
Configure Google Workspace LDAPS Integration
Provision the LDAP connector in Google Workspace
Configure certificates on FortiAuthenticator
Configure the remote LDAP server and users
Configure Smart Connect and the captive portal
Create the Smart Connect profile
Create the captive portal
Create the self-service portal policy
Configure RADIUS settings on FortiAuthenticator
Option B - WiFi onboarding with Smart Connect and Azure
Configure Azure AD DS LDAPS integration
Provision the LDAPS connector in Azure AD DS
Provision the remote LDAP server on FortiAuthenticator
Configure Smart Connect and the captive portal
Create the Smart Connect profile
Create the captive portal
Create the self-service portal policy
Configure RADIUS settings on FortiAuthenticator
FortiGate configuration
Configure the RADIUS server on FortiGate
Create the user group for cloud-based directory user accounts
Provision the Onboarding and Secure WiFi networks
Results
Smart Connect Windows device onboarding process
Smart Connect iOS device onboarding process
ZTNA
Setting up a zero trust tunnel
Configuring a zero trust tunnel on FortiAuthenticator
Configuring an LDAP server with zero trust tunnel enabled on FortiAuthenticator
Configuring certificate authentication for FortiAuthenticator
Configuring a ZTNA server
Configuring a ZTNA rule
Debugging
Change Log