MFA for Fortinet FortiGate VPN via RADIUS

This topic describes how to integrate Identity Administration with your Fortinet FortiGate VPN via RADIUS to add multi-factor authentication (MFA) to VPN logins.

You need an active Fortinet account that has administrator rights for your organization.

Integrate Identity Administration with Fortinet FortiGate VPN via RADIUS

In the following procedures your Fortinet FortiGate VPN is the RADIUS client and the Identity Connector is the RADIUS server.

Step 1: Define Fortinet FortiGate VPN as a RADIUS client in the Identity Administration portal.

1. Log in to the Identity Administration portal.
2. Click Authentication > RADIUS Connections > Client > Add to configure your RADIUS client.
3. In the RADIUS Client Settings window, fill in the following fields:

RADIUS Client Setting
- Enter a unique name such as FortiGate VPN.
- Enter the hostname or IP address of the FortiGate appliance.
- Enter the shared secret key for the RADIUS client and Identity Administration. If you have entered a secret key on your RADIUS client, then enter that same key here. The keys must match to enable authentication.

Step 2: Configure the Identity Connector to be a RADIUS server.

1. In the Identity Administration portal, click Settings > Network > Identity Connector.
2. Select an existing connector or add a new one that you would like to accept RADIUS connections for VPN authentication for Fortinet FortiGate VPN.
3. Click RADIUS and select the Enable incoming RADIUS connections checkbox. Your VPN server and the connector must be able to communicate. Confirm with your network administrator that your corporate firewall rules are not blocking this connection, for example if your VPN server is in the DMZ.
4. Provide the port number in which the Identity Connector talks to Identity Administration.

Step 3: Enable the RADIUS client connection and define authentication requirements.

1. In the Identity Administration portal, navigate to Settings > Authentication > Authentication Profiles.
2. Click Add Profile to create a new profile for VPN MFA (see Create authentication profiles for more information).
3. Configure the following:

Authentication Mechanism
- Select the option you would like to use for your secondary authentication challenge.

4. Navigate to Core Services > Policies and select an existing policy to modify it or add a new one.
5. Select Yes in the Allow RADIUS connections dropdown.
6. Select the Require authentication challenge checkbox to require a secondary authentication mechanism to log in via the RADIUS client.
7. Select the VPN Authentication Profile you created earlier from the Default Authentication Profile dropdown.

Step 4: Configure Fortinet FortiGate to integrate with Identity Administration via RADIUS.

1. Log in to Fortinet FortiGate with an admin account.
2. Navigate to User & Device > RADIUS Servers, then click Create New to create a RADIUS Server.
3. Configure the following settings for the new RADIUS server:

Setting
- Enter a unique name to define the RADIUS server profile, such as Identity Connector.