Technical Tip: Configuring User-Based VPN Policy with RADIUS authentication without usergroup on FortiGate
Description
This article describes how to create a user-based VPN policy on FortiGate that authenticates against RADIUS without using a user group. It gives step-by-step guidance on configuring a user object with RADIUS authentication and applying it to a firewall policy.
Scope
FortiGate.
Solution
To configure a user-based VPN policy with RADIUS authentication on FortiGate, follow these instructions:
- Configure a RADIUS server.

- Enter the username, e.g., 'abcxyz'.
- Under Remote Server, select the RADIUS server.
- Select Next and submit.

- Create or edit a firewall policy to allow VPN traffic for the particular user.
- Under Source User, select the user object created earlier.
- Set Source and Destination as your VPN interface or relevant network.

After configuring the user-based VPN policy, test the connection to ensure it is working as expected.
Note: Make sure that in the IPsec VPN phase1 configuration, the XAuth user group is set to 'inherit from policy' in the GUI, or 'set xauthtype auto' in the CLI.
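The same steps as a FortiOS CLI sketch, added here as an example and not taken from the original article. The server name 'RADIUS-SRV', the address 192.0.2.10, the secret placeholder, the tunnel name 'vpn-tunnel', the interface 'internal', the policy name and policy ID 10 are assumptions; only the username 'abcxyz' and 'set xauthtype auto' come from the article.

```fortios
# Assumed names: RADIUS-SRV, vpn-tunnel, internal, policy ID 10.
# Step 1: RADIUS server object (address and secret are placeholders).
config user radius
    edit "RADIUS-SRV"
        set server "192.0.2.10"
        set secret <shared-secret>
    next
end

# Step 2: user object whose password is checked by RADIUS, not stored locally.
config user local
    edit "abcxyz"
        set type radius
        set radius-server "RADIUS-SRV"
    next
end

# Step 3: the policy references the user object directly (no 'set groups').
config firewall policy
    edit 10
        set name "vpn-abcxyz"
        set srcintf "vpn-tunnel"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set users "abcxyz"
    next
end

# Note from the article: XAuth set to 'inherit from policy'.
config vpn ipsec phase1-interface
    edit "vpn-tunnel"
        set xauthtype auto
    next
end
```

Before testing the tunnel, the RADIUS leg can be checked on its own with 'diagnose test authserver radius RADIUS-SRV pap abcxyz <password>'. Narrow 'srcaddr', 'dstaddr' and 'service' from the permissive values shown to what the user actually needs.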

