Fortinet white logo
Fortinet white logo

Administration Guide

RADIUS Servers

RADIUS Servers

RADIUS is a broadly supported client server protocol that provides centralized authentication, authorization, and accounting functions. RADIUS clients are built into gateways that allow access to networks such as Virtual Private Network (VPN) servers, Network Access Servers (NASs), as well as network switches and firewalls that use authentication. FortiProxy units fall into the last category.

RADIUS servers use UDP packets to communicate with the RADIUS clients on the network to do the following:

  • Authenticate users before allowing them access to the network
  • Authorize access to resources by appropriate users
  • Account or bill for those resources that are used

RADIUS servers are currently defined by RFC 2865 (RADIUS) and RFC 2866 (Accounting). They listen on either UDP ports 1812 (authentication) and 1813 (accounting) or ports 1645 (authentication) and 1646 (accounting) requests. RADIUS servers exist for all major operating systems.

You must configure the RADIUS server to accept the FortiProxy unit as a client. FortiProxy units use the authentication and accounting functions of the RADIUS server.

When a configured user attempts to access the network, the FortiProxy unit forwards the authentication request to the RADIUS server, which then matches the user name and password remotely. After authentication succeeds, the RADIUS server passes the Authorization Granted message to the FortiProxy unit, which then grants the user permission to access the network.

The RADIUS server uses a “shared secret” key, along with MD5 hashing, to encrypt information passed between RADIUS servers and clients, including the FortiProxy unit. Typically, only user credentials are encrypted.

To manage RADIUS servers, go to User & Authentication > RADIUS Servers.

Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

The following options are available:

Create New

Create a RADIUS server. See Create or edit a RADIUS server.

Edit

Modify a RADIUS server. See Create or edit a RADIUS server.

Clone

Make a copy of a RADIUS server.

Delete

Remove a server or servers.

Search

Enter a search term to find in the RADIUS server list.

Name

The name that identifies the RADIUS server on the unit.

Server IP/Name

The domain name or IP address of the primary and, if applicable, secondary, RADIUS server.

Ref.

Displays the number of times the object is referenced to other objects.

To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object.

RADIUS Servers

RADIUS Servers

RADIUS is a broadly supported client server protocol that provides centralized authentication, authorization, and accounting functions. RADIUS clients are built into gateways that allow access to networks such as Virtual Private Network (VPN) servers, Network Access Servers (NASs), as well as network switches and firewalls that use authentication. FortiProxy units fall into the last category.

RADIUS servers use UDP packets to communicate with the RADIUS clients on the network to do the following:

  • Authenticate users before allowing them access to the network
  • Authorize access to resources by appropriate users
  • Account or bill for those resources that are used

RADIUS servers are currently defined by RFC 2865 (RADIUS) and RFC 2866 (Accounting). They listen on either UDP ports 1812 (authentication) and 1813 (accounting) or ports 1645 (authentication) and 1646 (accounting) requests. RADIUS servers exist for all major operating systems.

You must configure the RADIUS server to accept the FortiProxy unit as a client. FortiProxy units use the authentication and accounting functions of the RADIUS server.

When a configured user attempts to access the network, the FortiProxy unit forwards the authentication request to the RADIUS server, which then matches the user name and password remotely. After authentication succeeds, the RADIUS server passes the Authorization Granted message to the FortiProxy unit, which then grants the user permission to access the network.

The RADIUS server uses a “shared secret” key, along with MD5 hashing, to encrypt information passed between RADIUS servers and clients, including the FortiProxy unit. Typically, only user credentials are encrypted.

To manage RADIUS servers, go to User & Authentication > RADIUS Servers.

Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

The following options are available:

Create New

Create a RADIUS server. See Create or edit a RADIUS server.

Edit

Modify a RADIUS server. See Create or edit a RADIUS server.

Clone

Make a copy of a RADIUS server.

Delete

Remove a server or servers.

Search

Enter a search term to find in the RADIUS server list.

Name

The name that identifies the RADIUS server on the unit.

Server IP/Name

The domain name or IP address of the primary and, if applicable, secondary, RADIUS server.

Ref.

Displays the number of times the object is referenced to other objects.

To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object.