FortiManager 7.2.1 RADIUS Configuration RSA Ready Implementation Guide
3 years ago
Originally Published: 2023-03-24

This section describes how to integrate FortiManager with RSA Authentication Manager using RADIUS.

Procedure

  1. Sign into the FortiManager GUI and use the correct ADOM according to your company to be able to access the System Settings.
    AjithkumarSID_0-1679680294025.png
  2. On the left pane, select Admin, then select Remote Authentication Server from the dropdown. Select Create New and click RADIUS Server.
    AjithkumarSID_1-1679680320826.png
  3. Enter the name of the RADIUS server as per your needs, and fill in the following details:
    1. Enter the IP address/FQDN details from the RSA Authentication Manager in Server Name/IP and enter the shared secret.
    2. Configure a secondary RADIUS server if needed.
    3. Select PAP as the Authentication Type.
      AjithkumarSID_0-1686902369307.png
  4. On the left pane, under Admin, select Administrator to choose who is prompted for RSA RADIUS authentication.
  5. Select Create New and enter the username in the User Name field.
  6. You can choose an admin username, or you can choose to authenticate all admins by selecting Match all users on the remote server checkbox.
  7. Select RADIUS from the Admin Type dropdown and then select the RADIUS server created in step 3.
    AjithkumarSID_4-1679680481041.png
    AjithkumarSID_5-1679680492315.png
  8. Sign into the RSA Authentication Manager, access the security console then go to RADIUS > RADIUS Clients > Add new.
  9. Select Save & Create Associated RSA Agent > Save > Yes, save agent. You can add the hostname to the FQDN of the FortiManager as well.
    AjithkumarSID_1-1686902688446.png
    AjithkumarSID_9-1679680586006.png
    AjithkumarSID_2-1686902775690.png
  10. Create a RADIUS Profile to return a certain RADIUS Attribute back to the FortiManager like Fortinet-Access-Profile, to return a profile created on FortiManager for authorization, like Restricted_User.
    Note: You can apply the profile back to the FortiManager as it rejects any profile override by default. Tio do this, go to the FortiManager through CLI and execute the following commands under the needed Access Profile:
    AjithkumarSID_11-1679680651276.png
    AjithkumarSID_12-1679680675754.png
  11. Sign into RSA Security Console > RADIUS > RADIUS Profiles > Add new.
  12. In the Return List Attributes, add the attribute: Fortinet-Group-Name to specify the group to be returned to FortiManager for Authorization reasons.
    AjithkumarSID_13-1679680718045.png
  13. Select Save.

Configuration is complete.

Return to the main page.

Related Articles

Trending Articles

Don't see what you're looking for?