Caramon1980
New Member
December 7, 2020
Question

Fortigate Radius and MFA with AD


Hello everyone,

Hi, I am setting up a RADIUS server on Windows Server with FortiGate as a RADIUS client. The main idea is to configure Azure MFA with the NPS extension.

Currently I already have an SSLVPN portal running without problems, filtering by AD groups. I have created a RADIUS server in the FG and I am clear on the steps, except for the RADIUS policies in Windows NPS that must point to the FortiGate: I have added a RADIUS client pointing to the IP of the FG, but ...

What should I put as a connection request policy and as a network policy? Thank you

    1 reply

    ForMar
    New Member
    February 16, 2021

    Hi

    In the Connection Request Policy you allow a connection from the RADIUS client (the FortiGate) to the RADIUS server. So I added a restriction on the client display name, which I configured when I created the RADIUS client in the NPS server.

    Authentication: PAP

    Network Policy is the authorization logic, so I have a condition on a Windows group, and again on the RADIUS client display name.

    Authentication is still PAP.

    However, with the Azure plugin active the authentication fails for me; it works without the Azure NPS plugin.

    Otherwise I followed the cookbook from 6.2; I have installed 6.4.4.

     

    Edit: fixed with Fortinet support.

    config sys global
        set remoteauthtimeout 30
    end

     

    Kind regards