A FortiGate or FortiMail unit can transparently identify users who have already authenticated on an external RADIUS server by parsing RADIUS accounting records. However, this approach has potential difficulties:
- The RADIUS server is business-critical IT infrastructure, limiting the changes that can be made to the server configuration.
- In some cases, the server can send accounting records only to a single endpoint. Some network topologies may require multiple endpoints.
The FortiAuthenticator RADIUS accounting proxy overcomes these limitations by proxying the RADIUS accounting records, modifying them, and replicating them to the multiple subscribing endpoints as needed.