Maerre
Explorer III
June 12, 2025
Question

IPsec VPN access with FortiAuthenticator Cloud, FortiToken Cloud and EMS

  • June 12, 2025
  • 2 replies
  • 2282 views

Hello,

I need to configure IPsec VPN access for a few users through the implementation of FortiAuthenticator Cloud, FortiToken Cloud and EMS.
These users should be locally created on the FortiAuthenticator Cloud, associated with the FortiToken Cloud and then, with the EMS, I need to check their compliance.
I've correctly deployed the IPsec VPN with local users just for test and it's working, now I need to use the FAC Cloud. How can I create the users on it and make them visible in the authentication process?
I thought to add the FAC Cloud as RADIUS server but obviously it doesn't have an IP, being a SaaS solution.
Did anyone face a similar implementation?
The scope of this scenario is to let the users connect via VPN to the remote resources, and when a new user needs to be granted access, it should only be added on FAC Cloud with its FortiToken Cloud.


Thank you
Regards

2 replies

rbraha
Staff
June 12, 2025

Hi @Maerre 

You can use FAC Cloud as a RADIUS server, but you will need to use RadSec in this case. You can use the FQDN of FAC Cloud; please check the guide below.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuration-of-FortiAuthenticator-Cloud/ta-p/335055

Maerre
Author
Explorer III
June 12, 2025

Hi @rbraha,
thank you, I'm already working on the configuration. Regarding this sentence:

Note: This communication will be over the internet and ensure that port 2083 is not blocked upstream of FortiGate or ISP.

how can I open the communication on the upstream firewall?

Do I need to use the mgmt IP of the FortiGate as source and the FQDN of FAC Cloud as destination?

Thank you

Maerre
Author
Explorer III
June 16, 2025

After correctly deploying the RADSEC connection, if I want users to be authenticated through the RADSEC service and token, where should I configure these users?
On FortiAuthenticator Cloud or on the FortiGate itself?

rbraha
Staff
June 16, 2025

Hi,

End users should reside on the FortiAuthenticator Cloud side with RADIUS policies...; when creating user groups in FortiGate, you should select FortiAuthenticator Cloud as the remote RADIUS server.

Maerre
Author
Explorer III
June 16, 2025

Hi @rbraha,

thank you, I did it as you can see in the screenshot for the RADIUS policy. I've also created the user group associated with the RADIUS server referring to FortiAuthenticator Cloud.

Does the user need to be created on the FAC under user management -> local user?
And can all the settings to associate the FortiToken be configured from this section?
Another part I can't understand is how FortiToken Cloud and FAC Cloud talk together to use the correct token.

[Image: radius_policy.jpg]

Thank you

Regards