FortiGate Firewall - RADIUS Configuration Using SSL VPN - RSA Ready Implementation Guide

This section describes how to integrate FortiGate Remote Access SSL VPN with RSA Cloud Authentication Service using RADIUS.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using RADIUS.

Procedure

    1. In the RSA Cloud Authentication Service section, go to RSA Cloud Tenant Admin GUI > Authentication Clients > RADIUS > Add RADIUS Clients and Profiles.
    2. Enter the IP address.
    3. Enter the Shared Secret.
    4. Disable the Message Authenticator attribute checkbox, because FortiGate does not send authentication requests with this attribute.

Note: Enter the rest of the configuration according to the required setup.

Configuration is complete.
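
The attribute named in the last step of the procedure above is the RADIUS Message-Authenticator (attribute type 80, an HMAC-MD5 over the whole packet keyed with the shared secret). As an added example, not RSA or Fortinet code, the following Python script classifies an Access-Request as carrying a missing, valid or invalid Message-Authenticator, which is one way to confirm what a given RADIUS client actually sends. The secret, user name and packets are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
MESSAGE_AUTHENTICATOR = 80  # attribute type from RFC 2869


def parse_attributes(packet):
    """Yield (type, value_offset, value) for each attribute after the 20-byte header."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        yield atype, pos + 2, packet[pos + 2:pos + alen]
        pos += alen


def check_message_authenticator(packet, secret):
    """Return 'missing', 'valid' or 'invalid' for an Access-Request."""
    length = struct.unpack("!H", packet[2:4])[0]
    for atype, off, value in parse_attributes(packet):
        if atype == MESSAGE_AUTHENTICATOR:
            if len(value) != 16:
                return "invalid"
            # The HMAC is computed with the attribute value set to 16 zero bytes.
            zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return "valid" if hmac.compare_digest(expected, value) else "invalid"
    return "missing"


def build_access_request(secret, user, with_message_authenticator):
    """Build a constructed sample Access-Request (User-Name only, no password)."""
    attrs = bytes([1, 2 + len(user)]) + user  # User-Name is attribute type 1
    if with_message_authenticator:
        attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, 0x2A, 20 + len(attrs))
    packet = header + os.urandom(16) + attrs  # random Request Authenticator
    if with_message_authenticator:
        packet = packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()
    return packet


if __name__ == "__main__":
    secret = b"constructed-lab-secret"  # constructed sample value
    for flag in (False, True):
        pkt = build_access_request(secret, b"alice", flag)
        print(flag, check_message_authenticator(pkt, secret))
```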

Configure FortiGate Access SSL VPN using RADIUS

Perform these steps to configure FortiGate SSL VPN access using RADIUS.

Procedure

    1. Go to Admin UI of FortiGate > Users & Authentication > RADIUS Servers > New.
    2. Enter the IP address of the RSA Authentication Manager or, if you are using Cloud Authentication, the RSA Identity Router management IP address, and enter the shared secret.

    Note: You can enter up to three servers if you have replicas or three identity routers. The second server can be configured in the GUI; the tertiary server must be configured from the CLI only. Configure a tertiary server in the following format:

        FEIRDUFG02 # config user radius
        FEIRDUFG02 (radius) # edit RSA-AM
        FEIRDUFG02 (RSA-AM) # set tertiary-server 10.65.65.50
        FEIRDUFG02 (RSA-AM) # set tertiary-secret support1!
        FEIRDUFG02 (RSA-AM) # end

    3. Go to VPN > SSL VPN Settings.
    4. Under Authentication/Portal Mapping, select the User Groups configured for RSA Authentication Manager or RSA Cloud Authentication Service.
    5. Map the required portal (Full Access/Web Access/Tunnel Access) to the RSA User Group to authenticate the user against the RSA server using RADIUS.
    6. For the SSL VPN access policy, go to Policy & Objects and select the IPv4 Policy for the SSL VPN.
    7. Configure the Source User to be the RSA User Group.

Notes:

    • Refer to this section to configure the RADIUS Timeout.
    • Refer to this section for the RADIUS return attributes.

Configuration is complete.
