Table 1 – Fortinet FortiGate v3.0 MR7 User Manual

FortiOS v3.0 MR7 User Authentication User Guide

01-30007-0347-20080828

RADIUS servers

Authentication servers

In order to support vendor-specific attributes (VSA), the RADIUS server requires a
dictionary to define what the VSAs are.

Fortinet’s dictionary is configured this way:

#
# Fortinet’s VSA’s
#
VENDOR fortinet 12356
BEGIN-VENDOR fortinet
ATTRIBUTE Fortinet-Group-Name 1 string
ATTRIBUTE Fortinet-Client-IP-Address 2 ipaddr
ATTRIBUTE Fortinet-Vdom-Name 3 string
#
# Integer Translations
#
END-VENDOR Fortinet

See the documentation provided with your RADIUS server for configuration
details.
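
The dictionary above maps onto the wire as RADIUS attribute type 26 (Vendor-Specific, RFC 2865) carrying vendor ID 12356 followed by type/length/value sub-attributes. The following sketch is an added example, not part of the Fortinet manual: it decodes those VSAs from a raw attribute list, for instance when checking in a capture what a server actually sends. The function names and the sample bytes are assumptions made for illustration.

```python
import ipaddress
import struct

VENDOR_SPECIFIC = 26                      # RADIUS attribute type (RFC 2865, 5.26)
FORTINET_PREFIX = struct.pack("!I", 12356)  # "VENDOR fortinet 12356", 4 octets
# Sub-attributes from the dictionary above: number -> (name, type)
FORTINET_VSAS = {
    1: ("Fortinet-Group-Name", "string"),
    2: ("Fortinet-Client-IP-Address", "ipaddr"),
    3: ("Fortinet-Vdom-Name", "string"),
}

def encode_vsa(number, value):
    """Build one Vendor-Specific attribute holding a single Fortinet sub-attribute."""
    body = FORTINET_PREFIX + bytes([number, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def decode_fortinet_vsas(attrs):
    """Walk a RADIUS attribute list; return Fortinet VSAs as (name, value) pairs."""
    out, i = [], 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("bad attribute length")
        atype, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if atype != VENDOR_SPECIFIC or value[:4] != FORTINET_PREFIX:
            continue                      # standard attribute or another vendor
        sub, j = value[4:], 0
        while j < len(sub):               # one VSA may carry several sub-attributes
            if len(sub) - j < 2 or sub[j + 1] < 2 or j + sub[j + 1] > len(sub):
                raise ValueError("bad sub-attribute length")
            num, data = sub[j], sub[j + 2:j + sub[j + 1]]
            j += sub[j + 1]
            name, kind = FORTINET_VSAS.get(num, (f"Fortinet-Unknown-{num}", "octets"))
            if kind == "string":
                out.append((name, data.decode("utf-8", "replace")))
            elif kind == "ipaddr" and len(data) == 4:
                out.append((name, str(ipaddress.IPv4Address(data))))
            else:                         # unknown number or malformed ipaddr
                out.append((name, data.hex()))
    return out

# Constructed sample: User-Name (type 1) plus two Fortinet VSAs.
SAMPLE = (bytes([1, 7]) + b"alice" + encode_vsa(1, b"vpn-users")
          + encode_vsa(2, ipaddress.IPv4Address("192.0.2.10").packed))
```
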

Configuring the FortiGate unit to use a RADIUS server

To configure the FortiGate unit to use a RADIUS server, you need to know the
server’s domain name or IP address and its shared secret key. You will select the
authentication protocol. The maximum number of remote RADIUS servers that
can be configured for authentication is 10.

On the FortiGate unit, the default port for RADIUS traffic is 1812. If your RADIUS
server is using port 1645, you can either:

Reconfigure the RADIUS server to use port 1812. See your RADIUS server
documentation for more information.

or

Table 1: RADIUS attributes sent in RADIUS accounting message

ATTRIBUTE

AUTHENTICATION METHOD

1

2

3

4

5

6

7

Web

X

X

X

X

XAuth of IPSec (without DHCP)

X

X

X

X

XAuth of IPSec (with DHCP)

X

X

X

X

X

PPTP/L2TP (in PPP)

X

X

X

X

X

X

X

SSL-VPN

X

X

X

X