WiFi RADIUS authentication with FortiAuthenticator


In this example, you use a RADIUS server to authenticate your WiFi clients.

In the example, a FortiAuthenticator (v3.00-build0176) is used as a RADIUS server to authenticate users who belong to the employees user group.


1. Create the user accounts and user group on the FortiAuthenticator

Go to Authentication > User Management > Local Users and create a user account.

User Role settings are available after you click OK.

Create additional user accounts as needed, one for each employee.


Go to Authentication > User Management > User Groups and create the local user group “employees” on the FortiAuthenticator.

Add users who are allowed to use the WiFi network.

2. Register the FortiGate as a RADIUS client on the FortiAuthenticator

Go to Authentication > RADIUS Service > Clients and create a client entry for the FortiGate.

Enable all of the EAP types.


3. Configure FortiGate to use the RADIUS server

Go to User & Device > Authentication > RADIUS Servers and add the FortiAuthenticator unit as a RADIUS server.

4. Create the SSID and set up authentication

Go to WiFi Controller > WiFi Network > SSID and define your wireless network.
Set up DHCP for your clients.
Configure WPA2 Enterprise security that uses the RADIUS server.

5. Connect and authorize the FortiAP

Go to System > Network > Interfaces and configure a dedicated interface for the FortiAP.

Connect the FortiAP unit. Go to WiFi Controller > Managed Access Points > Managed FortiAPs.


When the FortiAP is listed, select and authorize it.


Go to WiFi Controller > WiFi Network > FortiAP Profiles and edit the profile. For each radio:

  • Enable Radio Resource Provision.
  • Select your SSID.

6. Create the security policy

Go to Policy & Objects > Policy > IPv4 and add a policy that allows WiFi users to access the Internet.

Results

Go to WiFi Controller > Monitor > Client Monitor to see that clients connect and authenticate.
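
Steps 3 and 4 can also be entered from the FortiOS CLI, followed by a test of the RADIUS link. This is an added example, not part of the original recipe: the server name FAC-RADIUS, the address 192.0.2.10, the SSID name and the values in angle brackets are placeholders, and the lines starting with # are annotations, not CLI input.

```fortios
# Added example: names, addresses and <...> values are placeholders.
# Step 3: define the FortiAuthenticator as a RADIUS server.
config user radius
    edit "FAC-RADIUS"
        set server "192.0.2.10"
        set secret <shared-secret>
    next
end

# Step 4: SSID with WPA2 Enterprise, authenticating against that server.
config wireless-controller vap
    edit "employees-wifi"
        set vdom "root"
        set ssid "employees-wifi"
        set security wpa2-only-enterprise
        set auth radius
        set radius-server "FAC-RADIUS"
    next
end

# Check that the FortiGate can reach the server and that the shared secret
# matches the client entry created in step 2.
diagnose test authserver radius FAC-RADIUS mschap2 <username> <password>
```

If the test fails for an account that is known to be valid, compare the shared secret and the FortiGate address with the client entry on the FortiAuthenticator.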

For further reading, see Deploying Wireless Networks in the FortiOS 5.2 Handbook.

Fortinet Technical Documentation


Contact Fortinet Technical Documentation at techdoc@fortinet.com.