Fortinet black logo

Administration Guide

RADIUS servers

RADIUS servers

Remote Authentication Dial-in User (RADIUS) is a user authentication and network-usage accounting system. When users connect to a server they type a user name and password. This information is passed to a RADIUS server, which authenticates the user and authorizes access to the network.

You can create or edit RADIUS server entries in the server list to support authentication of administrators. When an administrator account’s type is set to RADIUS, the FortiAnalyzer unit uses the RADIUS server to verify the administrator password at log on. The password is not stored on the FortiAnalyzer unit.

To use a RADIUS server to authenticate administrators, you must configure the server before configuring the administrator accounts that will use it.

To add a RADIUS server:
  1. Go to System Settings > Admin > Remote Authentication Server.
  2. Select Create New > RADIUS Server from the toolbar. The New RADIUS Server pane opens.

  3. Configure the following settings, and then click OK to add the RADIUS server.

    Name

    Enter a name to identify the RADIUS server.

    Server Name/IP

    Enter the IP address or fully qualified domain name of the RADIUS server.

    Port

    Enter the port for RADIUS traffic. The default port is 1812. Some RADIUS servers use port 1645.

    Server Secret

    Enter the RADIUS server secret. Click the eye icon to Show or Hide the server secret.

    Test Connectivity

    Click Test Connectivity to test the connectivity with the RADIUS server. Shows success or failure.

    Test User Credentials

    Click Test User Credentials to test the user credentials. Shows success or failure.

    Secondary Server Name/IP

    Enter the IP address or fully qualified domain name of the secondary RADIUS server.

    Secondary Server Secret

    Enter the secondary RADIUS server secret.

    Authentication Type

    Select the authentication type the RADIUS server requires. If you select the default ANY, FortiAnalyzer tries all authentication types.

    Advanced Options

    nas-ip

    Specify the IP address for the Network Attached Storage (NAS).

RADIUS servers

Remote Authentication Dial-in User (RADIUS) is a user authentication and network-usage accounting system. When users connect to a server they type a user name and password. This information is passed to a RADIUS server, which authenticates the user and authorizes access to the network.

You can create or edit RADIUS server entries in the server list to support authentication of administrators. When an administrator account’s type is set to RADIUS, the FortiAnalyzer unit uses the RADIUS server to verify the administrator password at log on. The password is not stored on the FortiAnalyzer unit.

To use a RADIUS server to authenticate administrators, you must configure the server before configuring the administrator accounts that will use it.

To add a RADIUS server:
  1. Go to System Settings > Admin > Remote Authentication Server.
  2. Select Create New > RADIUS Server from the toolbar. The New RADIUS Server pane opens.

  3. Configure the following settings, and then click OK to add the RADIUS server.

    Name

    Enter a name to identify the RADIUS server.

    Server Name/IP

    Enter the IP address or fully qualified domain name of the RADIUS server.

    Port

    Enter the port for RADIUS traffic. The default port is 1812. Some RADIUS servers use port 1645.

    Server Secret

    Enter the RADIUS server secret. Click the eye icon to Show or Hide the server secret.

    Test Connectivity

    Click Test Connectivity to test the connectivity with the RADIUS server. Shows success or failure.

    Test User Credentials

    Click Test User Credentials to test the user credentials. Shows success or failure.

    Secondary Server Name/IP

    Enter the IP address or fully qualified domain name of the secondary RADIUS server.

    Secondary Server Secret

    Enter the secondary RADIUS server secret.

    Authentication Type

    Select the authentication type the RADIUS server requires. If you select the default ANY, FortiAnalyzer tries all authentication types.

    Advanced Options

    nas-ip

    Specify the IP address for the Network Attached Storage (NAS).