Configuring RADIUS SSO authentication

A common RADIUS SSO (RSSO) topology involves a medium-sized company network of users connecting to the Internet through the FortiGate and authenticating with a RADIUS server. The following describes how to configure FortiOS for this scenario. The example makes the following assumptions:

  • VDOMs are not enabled.
  • The super_admin account is used for all FortiGate configuration.
  • A RADIUS server is installed on a server or FortiAuthenticator and uses default attributes.
  • BGP is used for any dynamic routing.
  • You have configured authentication event logging under Log & Report.

Example.com has an office with 20 users on the internal network who need access to the Internet. The office network is protected by a FortiGate-60C with access to the Internet through the wan1 interface, the user network on the internal interface, and all servers are on the DMZ interface. This includes an Ubuntu sever running FreeRADIUS. This example configures two users:

User

Account