Fortinet FortiGate v3.0 MR7 User Manual

Authentication servers

RADIUS servers

FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828

17

•

Change the FortiGate unit default RADIUS port to 1645 using the CLI:

config system global

set radius_port 1645

end

To configure the FortiGate unit for RADIUS authentication - web-based
manager

1

Go to User > Remote > RADIUS and select Create New.

2

Enter the following information, and select OK.

Figure 1: Configure FortiGate unit for RADIUS authentication

Name

Enter the name that is used to identify the RADIUS server
on the FortiGate unit.

Primary Server Name/IP

Enter the domain name or IP address of the primary
RADIUS server.

Primary Server Secret

Enter the RADIUS server secret key for the primary
RADIUS server.

Secondary Server Name/IP Enter the domain name or IP address of the secondary

RADIUS server, if you have one.

Secondary Server Secret

Enter the RADIUS server secret key for the secondary
RADIUS server.

Authentication Scheme

Select Use Default Authentication Scheme to authenticate
with the default method. The default authentication scheme
uses PAP, MS-CHAP-V2, and CHAP, in that order.
Select Specify Authentication Protocol to override the
default authentication method, and choose the protocol
from the list: MS-CHAP-V2, MS-CHAP, CHAP, or PAP,
depending on what your RADIUS server needs.

NAS IP/Called Station ID

Enter the NAS IP address and Called Station ID (for more
information about RADIUS Attribute 31, see
RFC 2548 Microsoft Vendor-specific RADIUS Attributes). If
you do not enter an IP address, the IP address that the
FortiGate interface uses to communicate with the RADIUS
server will be applied.

Include in every User Group Select to have the RADIUS server automatically included in

all user groups.