Using a RADIUS authentication server

Configuring a RADIUS authentication server

You can use a RADIUS authentication server to authenticate administrator or destination server user logins.

Basic steps:
  1. Configure a connection to a RADIUS server that can authenticate administrator or user logins.
  2. Select the RADIUS server configuration when you add administrator users or user groups.

Before you begin:

  • You must know the IP address, port, authentication protocol, and shared secret used to access the RADIUS server.
  • You must have Read-Write permission for System settings.

To create a RADIUS server configuration:
  1. Go to User Authentication > Remote Server.
  2. Select the RADIUS Server tab.
  3. Click Create New to display the configuration editor.
  4. Complete the configuration as described in RADIUS server configuration.
  5. Save the configuration.

RADIUS server configuration

Settings Guidelines

Name

Specify a unique name for the RADIUS server configuration. Valid characters are A-Z, a-z, 0-9, _, and -. No space is allowed.

After you initially save the configuration, you cannot edit the name.

Server

IP address or FQDN of the remote RADIUS server.

Port

The listening port of the RADIUS server. The commonly used port for a RADIUS server is 1812.

Shared Secret

Shared secret string used when connecting to the server.

Authentication Protocol

  • PAP—Password Authentication Protocol.
  • CHAP—Challenge-Handshake Authentication Protocol.
  • MS-CHAP—Microsoft version of CHAP.
  • MS-CHAPv2—Microsoft version of CHAP, version 2.

Timeout

Specify the amount of time that FortiADC must wait for responses from the remote RADIUS server before it times out the connection. Valid values are from 5 to 60 seconds. The default is 5 seconds.

Test Connection

Tests the connectivity of the RADIUS server.
