- On the FortiGate, go to User & Device > RADIUS Servers, and select Create New to connect to the RADIUS server (FortiAuthenticator).
- Then go to User & Device > User Groups, and select Create New to map authenticated remote users to a user group on the FortiGate.
- In the FortiGate CLI, increase the remote authentication timeout to 60 seconds.
#config system global
#set remoteauthtimeout 60
Enter a Name (OfficeRADIUS), the IP address of the FortiAuthenticator, and enter the Secret created before.
Select Test Connectivity to be sure you can connect to the RADIUS server. Then select Test User Credentials and enter the credentials for gthreepwood.
Because the user has been assigned a FortiToken, the test should return stating that More validation is required.
The FortiGate can now connect to the FortiAuthenticator as the RADIUS client configured earlier.
Enter a Name (SSLVPNGroup) and select Add under Remote Groups.
Select OfficeRADIUS under the Remote Server drop-down menu, and leave the Groups field blank.