Fortinet black logo

Administration Guide

RADIUS Servers

Copy Link
Copy Doc ID af12b5b0-1c45-11ea-9384-00505692583a:75685
Download PDF

RADIUS Servers

The FortiSandbox system supports remote authentication of administrators using RADIUS servers. To use this feature, you must configure the appropriate server entries in the FortiSandbox unit for each authentication server in your network.

If you have configured RADIUS support and require a user to authenticate using a RADIUS server, the FortiSandbox unit contacts the RADIUS server for authentication. To authenticate with the FortiSandbox unit, the user enters a user name and password. The FortiSandbox unit sends this user name and password to the RADIUS server. If the RADIUS server can authenticate the user, the FortiSandbox unit successfully authenticates the user. If the RADIUS server cannot authenticate the user, the FortiSandbox unit refuses the connection.

The following options are available:

Create New

Select to add a RADIUS server.

Edit

Select a RADIUS server in the list and click Edit in the toolbar to edit the entry.

Delete

Select a RADIUS server in the list and click Delete in the toolbar to delete the entry.

The following information is displayed:

Name

The RADIUS server name.

Primary Address

The primary server IP address.

Secondary Address

The secondary server IP address.

Port

The port used for RADIUS traffic. The default port is 1812.

Auth Type

The authentication type the RADIUS server requires. The default setting of ANY has the FortiSandbox try all the authentication types. Select one of: ANY, PAP, CHAP, or MSv2.

To add a RADIUS server:
  1. Go to System > RADIUS Servers.
  2. Select + Create New from the toolbar.

  3. Configure the following settings:

    Name

    Enter a name to identify the RADIUS server. The name should be unique to FortiSandbox.

    Primary Server Name/IP

    Enter the IP address or fully qualified domain name of the primary RADIUS server.

    Secondary Server Name/IP

    Enter the IP address or fully qualified domain name of the secondary RADIUS server.

    Port

    Enter the port for RADIUS traffic. The default port is 1812.

    Auth Type

    Enter the authentication type the RADIUS server requires. The default setting of ANY has the FortiSandbox try all the authentication types. Select one of: ANY, PAP, CHAP, or MSv2.

    Primary Secret

    Enter the primary RADIUS server secret.

    Secondary Secret

    Enter the secondary RADIUS server secret.

    NAS IP

    Enter the NAS IP address.

  4. Select OK to add the RADIUS server.
Note

FortiSandbox supports the shared RADIUS secret key up to a maximum of 16 characters in length, the same as FortiOS.

RADIUS Servers

The FortiSandbox system supports remote authentication of administrators using RADIUS servers. To use this feature, you must configure the appropriate server entries in the FortiSandbox unit for each authentication server in your network.

If you have configured RADIUS support and require a user to authenticate using a RADIUS server, the FortiSandbox unit contacts the RADIUS server for authentication. To authenticate with the FortiSandbox unit, the user enters a user name and password. The FortiSandbox unit sends this user name and password to the RADIUS server. If the RADIUS server can authenticate the user, the FortiSandbox unit successfully authenticates the user. If the RADIUS server cannot authenticate the user, the FortiSandbox unit refuses the connection.

The following options are available:

Create New

Select to add a RADIUS server.

Edit

Select a RADIUS server in the list and click Edit in the toolbar to edit the entry.

Delete

Select a RADIUS server in the list and click Delete in the toolbar to delete the entry.

The following information is displayed:

Name

The RADIUS server name.

Primary Address

The primary server IP address.

Secondary Address

The secondary server IP address.

Port

The port used for RADIUS traffic. The default port is 1812.

Auth Type

The authentication type the RADIUS server requires. The default setting of ANY has the FortiSandbox try all the authentication types. Select one of: ANY, PAP, CHAP, or MSv2.

To add a RADIUS server:
  1. Go to System > RADIUS Servers.
  2. Select + Create New from the toolbar.

  3. Configure the following settings:

    Name

    Enter a name to identify the RADIUS server. The name should be unique to FortiSandbox.

    Primary Server Name/IP

    Enter the IP address or fully qualified domain name of the primary RADIUS server.

    Secondary Server Name/IP

    Enter the IP address or fully qualified domain name of the secondary RADIUS server.

    Port

    Enter the port for RADIUS traffic. The default port is 1812.

    Auth Type

    Enter the authentication type the RADIUS server requires. The default setting of ANY has the FortiSandbox try all the authentication types. Select one of: ANY, PAP, CHAP, or MSv2.

    Primary Secret

    Enter the primary RADIUS server secret.

    Secondary Secret

    Enter the secondary RADIUS server secret.

    NAS IP

    Enter the NAS IP address.

  4. Select OK to add the RADIUS server.
Note

FortiSandbox supports the shared RADIUS secret key up to a maximum of 16 characters in length, the same as FortiOS.