Configuring The Fortigate Unit To Use A Radius Server - Fortinet FortiGate v3.0 MR7 User Manual

RADIUS servers

Configuring the FortiGate unit to use a RADIUS server

Table 1: RADIUS attributes sent in RADIUS accounting message
Rows (authentication method): Web; XAuth of IPSec (without DHCP); XAuth of IPSec (with DHCP); PPTP/L2TP (in PPP); SSL-VPN
Columns (attribute): 1 to 7
In order to support vendor-specific attributes (VSA), the RADIUS server requires a
dictionary to define what the VSAs are.
Fortinet's dictionary is configured this way:
#
# Fortinet's VSA's
#
VENDOR fortinet 12356
BEGIN-VENDOR fortinet
ATTRIBUTE Fortinet-Group-Name 1 string
ATTRIBUTE Fortinet-Client-IP-Address 2 ipaddr
ATTRIBUTE Fortinet-Vdom-Name 3 string
#
# Integer Translations
#
END-VENDOR Fortinet
See the documentation provided with your RADIUS server for configuration
details.
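The dictionary above only gives names and types; on the wire each Fortinet VSA travels inside RADIUS attribute 26 as a 4-byte vendor ID (12356) followed by sub-type, length and value, as defined in RFC 2865. The following Python sketch is an added example, not part of the Fortinet manual or any Fortinet tool; it decodes those VSAs with strict length checks, and the function names and sample values are hypothetical.

```python
import ipaddress

VENDOR_SPECIFIC = 26          # RADIUS attribute type for VSAs (RFC 2865)
FORTINET_VENDOR_ID = 12356    # VENDOR line of the dictionary above
FORTINET_ATTRS = {            # ATTRIBUTE lines of the dictionary above
    1: ("Fortinet-Group-Name", "string"),
    2: ("Fortinet-Client-IP-Address", "ipaddr"),
    3: ("Fortinet-Vdom-Name", "string"),
}

def encode_vsa(sub_type, value):
    """Build one Vendor-Specific attribute holding a single Fortinet sub-attribute."""
    kind = FORTINET_ATTRS[sub_type][1]
    data = ipaddress.IPv4Address(value).packed if kind == "ipaddr" else value.encode()
    body = FORTINET_VENDOR_ID.to_bytes(4, "big") + bytes([sub_type, len(data) + 2]) + data
    # bytes() raises ValueError if the total length does not fit in one octet.
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def parse_fortinet_vsas(attrs):
    """Decode the Fortinet VSAs in a RADIUS attribute list; reject bad lengths."""
    found, i = {}, 0
    while i < len(attrs):
        a_type = attrs[i]
        a_len = attrs[i + 1] if i + 1 < len(attrs) else 0
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("bad attribute length")
        value, i = attrs[i + 2:i + a_len], i + a_len
        if a_type != VENDOR_SPECIFIC or len(value) < 4 \
                or int.from_bytes(value[:4], "big") != FORTINET_VENDOR_ID:
            continue                      # not a Fortinet VSA
        j = 4
        while j < len(value):             # one VSA may carry several sub-attributes
            s_type = value[j]
            s_len = value[j + 1] if j + 1 < len(value) else 0
            if s_len < 2 or j + s_len > len(value):
                raise ValueError("bad sub-attribute length")
            data, j = value[j + 2:j + s_len], j + s_len
            name, kind = FORTINET_ATTRS.get(s_type, (f"Unknown-{s_type}", "octets"))
            if kind == "ipaddr":
                found[name] = str(ipaddress.IPv4Address(data))
            elif kind == "string":
                found[name] = data.decode("utf-8", "replace")
            else:
                found[name] = data.hex()
    return found

# Constructed sample: User-Name "alice" followed by the three Fortinet VSAs.
SAMPLE = (bytes([1, 7]) + b"alice" + encode_vsa(1, "vpn-users")
          + encode_vsa(2, "192.0.2.10") + encode_vsa(3, "root"))
```
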
To configure the FortiGate unit to use a RADIUS server, you need to know the
server's domain name or IP address and its shared secret key. You will select the
authentication protocol. The maximum number of remote RADIUS servers that
can be configured for authentication is 10.
On the FortiGate unit, the default port for RADIUS traffic is 1812. If your RADIUS
server is using port 1645, you can either:
- Reconfigure the RADIUS server to use port 1812. See your RADIUS server
  documentation for more information.
or
FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828
