RADIUS Servers
The FortiSandbox system supports remote authentication of administrators using RADIUS servers. To use this feature, you must configure the appropriate server entries in the FortiSandbox unit for each authentication server in your network.
If you have configured RADIUS support and require a user to authenticate using a RADIUS server, the FortiSandbox unit contacts the RADIUS server for authentication. To authenticate with the FortiSandbox unit, the user enters a user name and password. The FortiSandbox unit sends this user name and password to the RADIUS server. If the RADIUS server can authenticate the user, the FortiSandbox unit successfully authenticates the user. If the RADIUS server cannot authenticate the user, the FortiSandbox unit refuses the connection.
The following options are available:
Create New |
Select to add a RADIUS server. |
Edit |
Select a RADIUS server in the list and click Edit in the toolbar to edit the entry. |
Delete |
Select a RADIUS server in the list and click Delete in the toolbar to delete the entry. |
The following information is displayed:
Name |
The RADIUS server name. |
Primary Address |
The primary server IP address. |
Secondary Address |
The secondary server IP address. |
Port |
The port used for RADIUS traffic. The default port is 1812. |
Auth Type |
The authentication type the RADIUS server requires. The default setting of ANY has the FortiSandbox try all the authentication types. Select ANY, PAP, CHAP, or MSv2. |
To create a new RADIUS server:
- Go to System > RADIUS Servers.
- Select Create New from the toolbar.
- Configure the following settings:
Name
Enter a name to identify the RADIUS server. The name should be unique to FortiSandbox.
Primary Server Name/IP
Enter the IP address or fully qualified domain name of the primary RADIUS server.
Secondary Server Name/IP
Enter the IP address or fully qualified domain name of the secondary RADIUS server.
Port
Enter the port for RADIUS traffic. The default port is 1812.
Auth Type
Enter the authentication type the RADIUS server requires. The default setting of ANY has the FortiSandbox try all the authentication types. Select one of: ANY, PAP, CHAP, or MSv2.
Primary Secret
Enter the primary RADIUS server secret.
Secondary Secret
Enter the secondary RADIUS server secret.
NAS IP
Enter the NAS IP address.
- Select OK to create the RADIUS server.
FortiSandbox supports the shared RADIUS secret of PAP authentication type up to a maximum of 52 characters in length. |