WiFi RADIUS authentication with FortiAuthenticator


In this example, you use a RADIUS server to authenticate your WiFi clients.

The RADIUS server is a FortiAuthenticator (v4.00-build0008) that is used to authenticate users who belong to the employees user group.


1. Create the user accounts and user group on the FortiAuthenticator

Go to Authentication > User Management > Local Users and create a user account.

User Role settings are available after you click OK.

Create additional user accounts as needed, one for each employee.

Go to Authentication > User Management > User Groups and create the local user group “employees” on the FortiAuthenticator.

2. Register the FortiGate as a RADIUS client on the FortiAuthenticator

Go to Authentication > RADIUS Service > Clients and create a client account.

Enable all of the EAP types.

3. Configure FortiGate to use the RADIUS server

Go to User & Device > RADIUS Servers and add the FortiAuthenticator as a RADIUS server.

4. Create the SSID and set up authentication

Go to WiFi Controller > SSID and define your wireless network.

Set up DHCP for your clients.

Configure WPA2 Enterprise security that uses the RADIUS server.

5. Connect and authorize the FortiAP

Go to Network > Interfaces and configure a dedicated interface for the FortiAP.

Connect the FortiAP unit. Go to WiFi Controller > Managed FortiAPs.

When the FortiAP is listed, select and authorize it.

Go to WiFi Controller > FortiAP Profiles and edit the profile.

This example used a FortiAP-221C, so the FAP221C-default profile applies.

For each radio:

  • Enable Radio Resource Provision.
  • Select your SSID.

6. Create the security policy

Go to Policy & Objects > IPv4 Policy and add a policy that allows WiFi users to access the Internet.

Results

Connect to the example-staff network and browse Internet sites.

Go to Monitor > Client Monitor to see that clients connect and authenticate.
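As an added example (not part of the original recipe and not Fortinet code), the following Python script checks a saved FortiGate configuration for the state that steps 3 and 4 should leave behind: every SSID uses WPA2 Enterprise, authenticates against RADIUS, and names a RADIUS server that is actually defined. The sample configuration, the interface names, the `OldRadius` server name and the 192.0.2.10 address are constructed placeholders.

```python
SAMPLE_CONFIG = '''
config user radius
    edit "FortiAuthenticator"
        set server "192.0.2.10"
    next
end
config wireless-controller vap
    edit "staff-wifi"
        set ssid "example-staff"
        set security wpa2-only-enterprise
        set auth radius
        set radius-server "FortiAuthenticator"
    next
    edit "lab-wifi"
        set ssid "example-lab"
        set security wpa2-only-enterprise
        set auth radius
        set radius-server "OldRadius"
    next
end
'''  # constructed sample in FortiOS CLI syntax; names and address are placeholders

def parse_section(config, section):
    """Return {entry_name: {key: value}} for one top-level 'config <section>' block."""
    entries, current, inside = {}, None, False
    for words in (line.split(None, 2) for line in config.splitlines()):
        if not inside:
            inside = " ".join(words) == "config " + section
        elif words[:1] == ["end"] and current is None:
            break  # end of the section itself, not of a nested block
        elif words[:1] == ["edit"]:
            current = entries.setdefault(words[1].strip('"'), {})
        elif words[:1] == ["next"]:
            current = None
        elif words[:1] == ["set"] and current is not None and len(words) == 3:
            current[words[1]] = words[2].strip('"')
    return entries

def audit_ssids(config):
    """Map each SSID that deviates from the recipe's RADIUS setup to the reason."""
    servers, findings = parse_section(config, "user radius"), {}
    for vap in parse_section(config, "wireless-controller vap").values():
        if "enterprise" not in vap.get("security", ""):
            findings[vap.get("ssid")] = "not WPA2 Enterprise"
        elif vap.get("auth") != "radius":
            findings[vap.get("ssid")] = "enterprise SSID not using RADIUS"
        elif vap.get("radius-server") not in servers:
            findings[vap.get("ssid")] = "RADIUS server not defined"
    return findings
```

Calling `audit_ssids(SAMPLE_CONFIG)` reports only `example-lab`, whose SSID points at a RADIUS server entry that no longer exists.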


Fortinet Technical Documentation

Contact Fortinet Technical Documentation at techdoc@fortinet.com.