SSL VPN with RADIUS on Windows NPS

This is an example configuration of SSL VPN that uses Windows Network Policy Server (NPS) as a RADIUS authentication server.

The NPS must already be configured to accept the FortiGate as a RADIUS client, with an authentication method chosen, such as MS-CHAPv2. A shared key must also have been created.

Example

The user is connecting from their PC to the FortiGate's port1 interface. RADIUS authentication occurs between the FortiGate and the Windows NPS, and the SSL-VPN connection is established once the authentication is successful.
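The following is an added example, not part of the original page or of Fortinet's or Microsoft's code. It shows what the shared key does in the exchange between the FortiGate and the NPS: the RADIUS client accepts a reply only if its Response Authenticator (RFC 2865) was computed with the same key. The key, identifier, and attribute values are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code (RFC 2865)

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    """Server role (NPS in this topology): build a reply bound to the request."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify_reply(packet, ident, request_auth, secret):
    """Client role (FortiGate in this topology): accept only a well-formed
    reply that matches the request ID and was computed with the shared key."""
    if len(packet) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # octets beyond Length are padding and ignored
    expected = response_authenticator(code, rid, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])

def demo():
    secret = b"constructed-shared-key"       # constructed sample value
    request_auth = bytes(range(16))          # normally 16 random bytes per request
    msg = b"ok"
    attrs = bytes([18, 2 + len(msg)]) + msg  # Reply-Message attribute (type 18)
    reply = build_reply(ACCESS_ACCEPT, 7, attrs, request_auth, secret)
    return {
        "same_key": verify_reply(reply, 7, request_auth, secret),
        "wrong_key": verify_reply(reply, 7, request_auth, b"mismatched-key"),
        "tampered": verify_reply(reply[:-1] + b"!", 7, request_auth, secret),
        "wrong_id": verify_reply(reply, 8, request_auth, secret),
    }

if __name__ == "__main__":
    print(demo())
```

Per RFC 2865 a reply that fails this check is silently discarded, which is why a key mismatch between the two sides tends to look like a server that never answers.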

Configure SSL-VPN with RADIUS on Windows NPS in the GUI

To configure the internal and external interfaces:
  1. Go to Network > Interfaces.
  2. Edit the port1 interface and set IP/Network Mask to 192.168.2.5/24.
  3. Edit the port2 interface and set IP/Network Mask to 192.168.20.5/24.
  4. Click OK.
To create a firewall address:
  1. Go to Policy & Objects > Addresses and click Create New > Address.
  2. Set Name to 192.168.20.0.
  3. Leave Type as Subnet.
  4. Set IP/Netmask to 192.168.20.0/24.
  5. Click OK.
To add the RADIUS server:
  1. Go to User & Authentication > RADIUS Servers and click Create New.