Fortinet Document Library

Version:


Table of Contents

Cookbook

6.0.0
Download PDF
Copy Link

WiFi using FortiAuthenticator RADIUS with certificates

This recipe will walk you through the configuration of FortiAuthenticator as the RADIUS server for a FortiGate wireless controller. WPA2-Enterprise with 802.1X authentication can be used to authenticate wireless users with FortiAuthenticator. 802.1X utilizes the Extensible Authentication Protocol (EAP) to establish a secure tunnel between participants involved in an authentication exchange.

EAP-TLS is the most secure form of wireless authentication because it replaces the client username/password with a client certificate. Every end user, including the authentication server, that participates in EAP-TLS must possess at least two certificates:

  1. A client certificate signed by the certificate authority (CA)
  2. A copy of the CA root certificate.

This recipe specifically focuses on the configuration of the FortiAuthenticator, FortiGate, and Windows 10 computer.

WiFi using FortiAuthenticator RADIUS with certificates

This recipe will walk you through the configuration of FortiAuthenticator as the RADIUS server for a FortiGate wireless controller. WPA2-Enterprise with 802.1X authentication can be used to authenticate wireless users with FortiAuthenticator. 802.1X utilizes the Extensible Authentication Protocol (EAP) to establish a secure tunnel between participants involved in an authentication exchange.

EAP-TLS is the most secure form of wireless authentication because it replaces the client username/password with a client certificate. Every end user, including the authentication server, that participates in EAP-TLS must possess at least two certificates:

  1. A client certificate signed by the certificate authority (CA)
  2. A copy of the CA root certificate.

This recipe specifically focuses on the configuration of the FortiAuthenticator, FortiGate, and Windows 10 computer.