SSL VPN with RADIUS on FortiAuthenticator

This is a sample configuration of SSL VPN that uses FortiAuthenticator as a RADIUS authentication server.

Sample topology

Sample configuration

The WAN interface is the interface connected to the ISP. This example shows static mode. You can also use DHCP or PPPoE mode. The SSL VPN connection is established over the WAN interface.

To configure FortiAuthenticator using the GUI:
  1. Create a user on the FortiAuthenticator.
    1. On the FortiAuthenticator, go to Authentication > User Management > Local Users to create a user sslvpnuser1.
    2. Enable Allow RADIUS authentication and click OK to access additional settings.
    3. Go to Authentication > User Management > User Groups to create a group sslvpngroup.
    4. Add sslvpnuser1 to the group by moving the user from Available users to Selected users.
  2. Create the RADIUS client (FortiGate) on the FortiAuthenticator.
    1. On the FortiAuthenticator, go to Authentication > RADIUS Service > Clients to add the FortiGate as a RADIUS client (OfficeServer).
    2. Enter the FortiGate IP address and set a Secret.

      The secret is a pre-shared secure password that the FortiGate uses to authenticate to the FortiAuthenticator.

    3. Set Realms to local | Local users.

To configure SSL VPN using the GUI:
  1. Configure the interface and firewall address. The port1 interface connects to the internal network.
    1. Go t