Fortinet black logo

Administration Guide

Home FortiNAC-F 7.4.0 Administration Guide
7.4.0
7.4.0
7.2.0

Configure Local Server

Configure Local Server

Configure the Local server using the table below. Click OK to save.

Field

Definition

TLS Configuration

TLS Certificate, protocols,and cipher suites to use for EAP-TLS negotiation.

Can either select the default RADIUS EAP configuration, or create a new one.

New TLS Service Configuration

Click (+) and configure the following then click OK to save (See tooltips in the UI next to each selection):

  • Name

  • Certificate Alias

  • Auto Update Ciphers/Protocols (On/off)

    If Auto update is disabled, configure the following:

    • TLS Protocol(s) supported for TLS negotiation

      • TLS 1.3

      • TLS 1.2

      • TLS 1.1 (Not Recommended)

      • TLS 1.0 (Not Recommended)

    • Cipher suites for encrypting EAP-TLS tunnels. Click on each option in list to add.

Supported EAP Types

EAP Types enabled for this server configuration. Available aoptions are:

TLS

TTLS

PEAP

MD5

GTC

MSCHAPV2

FAST

Winbind Domain(s)

For MSCHAPv2 authentication, specify the winbind instances for the allowed Active Directory Server(s) or ‘Allow Any’ for authentication using any defined servers.

Manage winbind instances in the Winbind tab.

OCSP Enabled

Enable Online Certificate Status Protocol support

Previous
Next

Configure Local Server

Configure the Local server using the table below. Click OK to save.

Field

Definition

TLS Configuration

TLS Certificate, protocols,and cipher suites to use for EAP-TLS negotiation.

Can either select the default RADIUS EAP configuration, or create a new one.

New TLS Service Configuration

Click (+) and configure the following then click OK to save (See tooltips in the UI next to each selection):

  • Name

  • Certificate Alias

  • Auto Update Ciphers/Protocols (On/off)

    If Auto update is disabled, configure the following:

    • TLS Protocol(s) supported for TLS negotiation

      • TLS 1.3

      • TLS 1.2

      • TLS 1.1 (Not Recommended)

      • TLS 1.0 (Not Recommended)

    • Cipher suites for encrypting EAP-TLS tunnels. Click on each option in list to add.

Supported EAP Types

EAP Types enabled for this server configuration. Available aoptions are:

TLS

TTLS

PEAP

MD5

GTC

MSCHAPV2

FAST

Winbind Domain(s)

For MSCHAPv2 authentication, specify the winbind instances for the allowed Active Directory Server(s) or ‘Allow Any’ for authentication using any defined servers.

Manage winbind instances in the Winbind tab.

OCSP Enabled

Enable Online Certificate Status Protocol support

Previous
Next