Document
Library
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiProxy
NOC & SOC Management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
/
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
/
FortiVoice Cloud
FortiRecorder
/
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
Flex-VM
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
/
FortiWeb Cloud
FortiADC
/
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
/
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
/
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
/
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Curated links by solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Define, Design, Deploy, Demo
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
Filter Products
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
Filter Products
AscenLink
AV Engine
AWS Firewall Rules
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiExtender Cloud
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Search documents and hardware ...
Cookbook
Certificate management
FortiAuthenticator as a Certificate Authority
Creating a new CA on the FortiAuthenticator
Installing the CA on the network
Creating a CSR on the FortiGate
Importing and signing the CSR on the FortiAuthenticator
Importing the local certificate to the FortiGate
Configuring the certificate for the GUI
Results
FortiAuthenticator Certificate with SSL Inspection
Creating a CSR on the FortiGate
Creating an Intermediate CA on the FortiAuthenticator
Importing the signed certificate on the FortiGate
Configuring full SSL inspection
Results
FortiToken and FortiToken Mobile
FortiToken Mobile Push for SSL VPN
Adding a FortiToken to the FortiAuthenticator
Adding the user to the FortiAuthenticator
Creating the RADIUS client on the FortiAuthenticator
Connecting the FortiGate to the RADIUS server
Configuring the SSL VPN
Results
Self-service Portal
FortiAuthenticator user self-registration
Creating a self-registration user group
Enabling self-registration
Creating a new SMTP server
Results - Self-registration
Results - Administrator approval
VPNs
LDAP authentication for SSL VPN with FortiAuthenticator
Creating the user and user group on the FortiAuthenticator
Creating the LDAP directory tree on the FortiAuthenticator
Connecting the FortiGate to the LDAP server
Creating the LDAP user group on the FortiGate
Configuring the SSL VPN
Results
SMS two-factor authentication for SSL VPN
Creating an SMS user and user group on the FortiAuthenticator
Configuring the FortiAuthenticator RADIUS client
Configuring the FortiGate authentication settings
Configuring the SSL VPN
Creating the security policy for VPN access to the Internet
Results
WiFi authentication
Assigning WiFi users to VLANs dynamically
Configuring the FortiAuthenticator
Adding the RADIUS server to the FortiGate
Creating an SSID with dynamic VLAN assignment
Creating the VLAN interfaces
Creating security policies
Creating the FortiAP profile
Connecting and authorizing the FortiAP
Results
WiFi using FortiAuthenticator RADIUS with certificates
Creating a local CA on FortiAuthenticator
Creating a local service certificate on FortiAuthenticator
Configuring RADIUS EAP on FortiAuthenticator
Configuring RADIUS client on FortiAuthenticator
Configuring local user on FortiAuthenticator
Configuring local user certificate on FortiAuthenticator
Creating RADIUS server on FortiGate
Creating WiFi SSID on FortiGate
Exporting user certificate from FortiAuthenticator
Importing user certificate into Windows 10
Configuring Windows 10 wireless profile to use certificate
Results
WiFi RADIUS authentication with FortiAuthenticator
Creating users and user groups on the FortiAuthenticator
Registering the FortiGate as a RADIUS client on the FortiAuthenticator
Configuring FortiGate to use the RADIUS server
Creating SSID and set up authentication
Connecting and authorizing the FortiAP
Creating the security policy
Results
WiFi with WSSO using FortiAuthenticator RADIUS and Attributes
Registering the FortiGate as a RADIUS client on the FortiAuthenticator
Creating users on the FortiAuthenticator
Creating user groups on the FortiAuthenticator
Configuring the FortiGate to use the FortiAuthenticator as the RADIUS server
Configuring user groups on the FortiGate
Creating security policies
Configuring the SSID to RADIUS authentication
Results
LDAP Authentication
G Suite integration using LDAP
Generating the G Suite certificate
Importing the certificate to FortiAuthenticator
Configuring LDAP on the FortiAuthenticator
Troubleshooting
Change Log
Home
FortiAuthenticator 6.0.0
Cookbook
6.0.0
6.5.0
6.4.0
6.3.0
6.2.0
6.1.0
6.0.0
5.5.0
Registering the FortiGate as a RADIUS client on the FortiAuthenticator
Registering the FortiGate as a RADIUS client on the FortiAuthenticator
Go to
Authentication > RADIUS Service > Clients
and create a client account.
Enable all
EAP types
, set
Realm
to
local
, and apply the
employees
user group.
Previous
Next
Registering the FortiGate as a RADIUS client on the FortiAuthenticator
Go to
Authentication > RADIUS Service > Clients
and create a client account.
Enable all
EAP types
, set
Realm
to
local
, and apply the
employees
user group.
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
Flex-VM
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiExtender Cloud
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Certificate management
FortiAuthenticator as a Certificate Authority
Creating a new CA on the FortiAuthenticator
Installing the CA on the network
Creating a CSR on the FortiGate
Importing and signing the CSR on the FortiAuthenticator
Importing the local certificate to the FortiGate
Configuring the certificate for the GUI
Results
FortiAuthenticator Certificate with SSL Inspection
Creating a CSR on the FortiGate
Creating an Intermediate CA on the FortiAuthenticator
Importing the signed certificate on the FortiGate
Configuring full SSL inspection
Results
FortiToken and FortiToken Mobile
FortiToken Mobile Push for SSL VPN
Adding a FortiToken to the FortiAuthenticator
Adding the user to the FortiAuthenticator
Creating the RADIUS client on the FortiAuthenticator
Connecting the FortiGate to the RADIUS server
Configuring the SSL VPN
Results
Self-service Portal
FortiAuthenticator user self-registration
Creating a self-registration user group
Enabling self-registration
Creating a new SMTP server
Results - Self-registration
Results - Administrator approval
VPNs
LDAP authentication for SSL VPN with FortiAuthenticator
Creating the user and user group on the FortiAuthenticator
Creating the LDAP directory tree on the FortiAuthenticator
Connecting the FortiGate to the LDAP server
Creating the LDAP user group on the FortiGate
Configuring the SSL VPN
Results
SMS two-factor authentication for SSL VPN
Creating an SMS user and user group on the FortiAuthenticator
Configuring the FortiAuthenticator RADIUS client
Configuring the FortiGate authentication settings
Configuring the SSL VPN
Creating the security policy for VPN access to the Internet
Results
WiFi authentication
Assigning WiFi users to VLANs dynamically
Configuring the FortiAuthenticator
Adding the RADIUS server to the FortiGate
Creating an SSID with dynamic VLAN assignment
Creating the VLAN interfaces
Creating security policies
Creating the FortiAP profile
Connecting and authorizing the FortiAP
Results
WiFi using FortiAuthenticator RADIUS with certificates
Creating a local CA on FortiAuthenticator
Creating a local service certificate on FortiAuthenticator
Configuring RADIUS EAP on FortiAuthenticator
Configuring RADIUS client on FortiAuthenticator
Configuring local user on FortiAuthenticator
Configuring local user certificate on FortiAuthenticator
Creating RADIUS server on FortiGate
Creating WiFi SSID on FortiGate
Exporting user certificate from FortiAuthenticator
Importing user certificate into Windows 10
Configuring Windows 10 wireless profile to use certificate
Results
WiFi RADIUS authentication with FortiAuthenticator
Creating users and user groups on the FortiAuthenticator
Registering the FortiGate as a RADIUS client on the FortiAuthenticator
Configuring FortiGate to use the RADIUS server
Creating SSID and set up authentication
Connecting and authorizing the FortiAP
Creating the security policy
Results
WiFi with WSSO using FortiAuthenticator RADIUS and Attributes
Registering the FortiGate as a RADIUS client on the FortiAuthenticator
Creating users on the FortiAuthenticator
Creating user groups on the FortiAuthenticator
Configuring the FortiGate to use the FortiAuthenticator as the RADIUS server
Configuring user groups on the FortiGate
Creating security policies
Configuring the SSID to RADIUS authentication
Results
LDAP Authentication
G Suite integration using LDAP
Generating the G Suite certificate
Importing the certificate to FortiAuthenticator
Configuring LDAP on the FortiAuthenticator
Troubleshooting
Change Log