Using FortiConnect as a RADIUS server in FortiCloud

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

In this recipe, we use a local on-premise FortiConnect as a RADIUS server for a FortiCloud-based Captive Portal network. A Fortigate will be used to allow access from FortiCloud to FortiConnect.

We assume that FortiAP is already in your FortiCloud inventory and at least one configured AP network. Refer to FortiCloud-managed FortiAP WiFi for guidance on using FortiCloud to configure a FortiAP.

1. Allowing FortiCloud to access the local FortiConnect

On your Fortigate go to Policy & Objects > Addresses and create a new address object for FortiConnect.

 

 

Next, create an address object for FortiCloud IP used by the Captive Portal. In this example, 208.91.113.117/32 is used by apau.forticloud.com

 
Go to Policy & Objects > Virtual IPs and create a new virtual IP, pointing from your WAN to the local FortiConnect.  
Go to Policy & Object > IPv4 Policy and create a new policy to allow RADIUS requests from FortiCloud to FortiConnect.  

2. Creating FortiCloud as a RADIUS client on the FortiConnect

On your FortiConnect go to Devices > RADIUS Clients and click Add RADIUS Client

Name: name the client
: In this example, 208.91.113.117/32 is used by apau.forticloud.com
: Shared Secret between FortiCloud and FortiConnect.

 

3. Creating FortiConnect as RADIUS Server on the FortiCloud

Open your FortiCloud account and go to AP Network > “your AP network” > Configure > My RADIUS Server.

Add My RADIUS Server in upper right corner
Name: Name the connection
Primary Server Name/IP: your wan IP
Primary Shared Secret: enter secret used between FortiCloud and FortiConnect.

 

4. Creating a new SSID on the FortiCloud

Go to SSIDs and click Add SSID.

SSID: Type SSID to be used
Enabled: checkmark
Captive Portal: FortiCloud Captive Portal
Sign On Method: My RADIUS server and select your RADIUS server, in this case, FortiConnect.

Tip:  You will also see a note on the IP to use for FortiCloud access.

Configure the Security, Availability and Captive Portal as needed.

 
Once you get the Preview, hit Apply.  

5. Results

Login to the FortiCloud Portal using the Portal.  

On the FortiConnect go to REPORTS & LOGS > RADIUS Authentications.

Find your successful authentication.

 

On your FortiCloud go to AP Network > “your AP network” > Monitor > Client.

Find the client and verify that username is present.

 

 

For further reading, check the FortiCloud v3.1.2 FAQ and the 3.2 Release Notes for FortiCloud.

Brian Andersen

Brian Andersen

Wireless CSE, EMEA region at Fortinet
Building strong customer/partner relations in WiFi industry.
Brian Andersen

Latest posts by Brian Andersen (see all)

  • Was this helpful?
  • Yes   No