WiFi RADIUS authentication with FortiAuthenticator


In this example, you use a RADIUS server to authenticate your WiFi clients.

In the example, a FortiAuthenticator (v3.00-build0176) is used as a RADIUS server to authenticate users who belong to the employees user group.

Find this recipe for other FortiOS versions
5.2 | 5.4

1. Create the user accounts and user group on the FortiAuthenticator

Go to Authentication > User Management > Local Users and create a user account.

User Role settings are available after you click OK.

Create additional user accounts as needed, one for each employee.


Go to Authentication > User Management > User Groups and create the local user group “employees” on the FortiAuthenticator.

Add users who are allowed to use the WiFi network.



2. Register the FortiGate as a RADIUS client on the FortiAuthenticator

Go to Authentication > RADIUS Service > Clients and create a user account.

Enable all of the EAP types.


3. Configure FortiGate to use the RADIUS server

Go to User & Device > Authentication > RADIUS Servers and add the FortiAuthenticator unit as a RADIUS server. fgt_radius

4. Create the SSID and set up authentication

Go to WiFi Controller > WiFi Network > SSID and define your wireless network. ssid-basic
Set up DHCP for your clients. ssid-dhcp
Configure WPA2 Enterprise security that uses the RADIUS server. ssid-security

5. Connect and authorize the FortiAP

Go to System > Network > Interfaces and configure a dedicated interface for the FortiAP. fap-interface

Connect the FortiAP unit. Go to WiFi Controller > Managed Access Points > Managed FortiAPs.


When the FortiAP is listed, select and authorize it.


Go to WiFi Controller > WiFi Network > FortiAP Profiles and edit the profile. For each radio:

  • Enable Radio Resource Provision.
  • Select your SSID.

5. Create the security policy

Go to Policy & Objects > Policy > IPv4 and add a policy that allows WiFi users to access the Internet.


Go to WiFi Controller > Monitor > Client Monitor to see that clients connect and authenticate. client-monitor

For further reading, check out the Deploying Wireless Networks in the FortiOS 5.2 Handbook.

Fortinet Technical Documentation

Fortinet Technical Documentation

Contact Fortinet Technical Documentation at techdoc@fortinet.com.
Fortinet Technical Documentation

Latest posts by Fortinet Technical Documentation (see all)