
Administration Guide

7.4.0

Configure Proxy Server

Define one or more proxy RADIUS servers that will service authentication requests for devices using this configuration.

NOTE: If domain mappings are configured and a user’s domain matches a mapping, the request will be forwarded to the server in the mapping, regardless of the servers specified in this list.

Proxy servers can be deleted from the Network > Service Connectors view once removed from all virtual servers and domain mappings.

  1. Click + next to Proxy Servers.

  2. Click + Create.

  3. Configure the RADIUS server profile using the table below. Click OK to save.

    Field
        Definition

    Profile Name
        Name of the configuration defining the connection between a proxy RADIUS server and FortiNAC.

    Host Name/IP Address
        Host name or IP address of the RADIUS server.

    RADIUS Secret
        Encryption key used by the RADIUS server to send authentication information.

    Server Type
        Specify the type of requests processed by the server:
        Authentication
        Authentication & Accounting

    Port
        Authentication port.
        This value can either be typed in or set using the up and down arrows.
        Note: When Server Type is set to both Authentication & Accounting, the specified port is the authentication port, and the accounting port will be (authentication port +1).

    Eduroam FLR
        No – Not using Eduroam
        Eduroam enabled networks only – Servers designated as a Federation Level RADIUS server (FLR) will be used to authenticate roaming guests on this network against that user’s Eduroam Identity Provider (IdP).
        A secondary is used for failover when the primary becomes unreachable, or for load-balancing.
        When Eduroam IdP functionality is enabled for this network, FLR designated servers will be registered as a valid source of RADIUS authentication requests so local users roaming on other Eduroam Service Providers (SP) can authenticate back to this network acting in an IdP capacity via the FLR. Setting to Primary or Secondary will replace any other server with that designation.
        To enable IdP capability, an Eduroam IdP Server Configuration must be set in the Roaming Guests settings view.
        Note: Enable Eduroam SP capability by configuring local domains in the Roaming Guests settings view, or by creating a dedicated eduroam virtual server that proxies to the FLRs, and setting it as the RADIUS server configuration on a dedicated eduroam SSID.
        See Eduroam Cookbook for details.

    Portal/Admin Default Server (Enable/Disable)
        For portal and admin login using RADIUS authentication.
        Use this server unless the user’s domain matches a configured RADIUS domain mapping.
        Enabling will replace the previous default if one is configured. This information can also be seen and configured in the Network > RADIUS > Virtual Servers > DomainMappings table.

  4. Click on the new server profile to add it to the Proxy server configuration. The server will populate the Proxy Servers field. Note: Once created, the server can be viewed and modified under Network > Service Connectors.

  5. Select or create another Proxy server to add to the Proxy servers field or click Close.

    Note: If using multiple Proxy servers and the intent is for them to be used in a failover configuration, add the server acting as the primary to the list first, then the secondary.

  6. If multiple proxy servers are selected, set the Proxy Pool Type:

    Failover: The first server in the specified order is used unless it is down, in which case the second is used, and so on.

    Load Balance: Requests are split evenly among all specified servers.

  7. Click OK to save.

The Proxy servers will now display as RADIUS Service Connectors under Network > Service Connectors.
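
The routing rules in this procedure (domain mapping precedence, pool ordering, and the accounting port offset), modeled as an added example for planning firewall rules and failover order. This is not FortiNAC code: the class names, the round-robin reading of "split evenly", and taking the domain from the realm after `@` are assumptions, and the sample hosts are constructed.

```python
# Added illustration of the documented rules; not FortiNAC code.
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class ProxyServer:
    name: str
    host: str
    auth_port: int
    accounting: bool = False  # Server Type = Authentication & Accounting

    def ports(self):
        """Ports this profile uses, i.e. what a firewall between FortiNAC and it must allow."""
        needed = {"authentication": self.auth_port}
        if self.accounting:
            # Documented rule: accounting port is authentication port + 1.
            needed["accounting"] = self.auth_port + 1
        return needed


class ProxyPool:
    def __init__(self, servers, pool_type="failover", domain_mappings=None):
        if pool_type not in ("failover", "load_balance"):
            raise ValueError(f"unknown pool type: {pool_type}")
        self.servers = list(servers)  # list order is the failover order
        self.pool_type = pool_type
        self.domain_mappings = domain_mappings or {}
        self._next = count()  # round-robin counter (assumed balancing method)

    def select(self, user_name, is_up=lambda server: True):
        """Return the server a request for user_name would be sent to."""
        # Assumption: the user's domain is the realm after '@' in User-Name.
        domain = user_name.rpartition("@")[2].lower() if "@" in user_name else None
        if domain in self.domain_mappings:
            # A matching domain mapping wins regardless of the proxy list.
            return self.domain_mappings[domain]
        if not self.servers:
            return None
        if self.pool_type == "failover":
            # First server in the configured order that is not down.
            return next((s for s in self.servers if is_up(s)), None)
        # Load balance: split requests evenly across all listed servers.
        return self.servers[next(self._next) % len(self.servers)]
```
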

Remove Proxy Server from the Server Configuration

  1. Double click on the Virtual Server or highlight and click Edit.

  2. Click on the Proxy Servers field.

  3. In the right panel under RADIUS Servers, click on the server to remove it from the Proxy Servers field.

  4. Click Close.

  5. Click OK to save.
