Eddie40
New Member
November 21, 2019
Question

Multi-vdom and configuring radius authentication for mgmt


Hello Guys,

I'm working with a cluster of FG-1000D with multiple VDOMs and I'm currently trying to add radius authentication for management.

I currently have these settings on the global configuration:

IP Mgmt 1: 172.16.10.253

IP Mgmt 2: 172.16.10.252

I am logging in through these interfaces for managing my cluster.

On the root VDOM, I have another interface used for connectivity with fortiguard services:

IP root vdom: 172.16.31.1 (NATed with our external FW)

I am currently stuck as I don't know where to configure the radius authentication for our management interface, and documentation on this topic is not very clear.

From my perspective, since I am accessing the mgmt interface through the "global" section, I should configure the radius auth on the "global" vdom, but there is no option to configure this.

Perhaps I need to configure RADIUS server and RADIUS users on the root vdom, but how can I add these users to the Administrators section in the global config?

Any help would be appreciated.

Regards

1 reply

Nikhil_Chaudhari
New Member
November 29, 2019

Hi Eddie,

You can configure a radius server under each vdom and add a user role to fetch from the remote server.

This should work, as the OOB management interface won't be part of any vdom; hence, if vdom-a is live on the Master device and vdom-b is live on the Slave device, the radius server will be reachable through it automatically.

Provided this, please enable ha-direct in the HA configuration of the devices so that both devices can independently do management tasks.

 

Hope this helps.

Thanking you

Regards,

Nikhil Chaudhari

emnoc
New Member
November 29, 2019

If these are the management you can define the radius-server to use these in the nas-ip and management vdom parts of the cfg.

Ken Felix
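
The approach discussed in the replies above, as a FortiOS CLI sketch. This is an added example, not configuration posted by anyone in the thread. It assumes root is the management VDOM and that a reserved HA management interface is already configured on each unit. The object names, the server address 192.0.2.10 and the shared secret are placeholders.

```fortios
# Added example: names, the server IP and the secret are placeholders.
# Assumption: root is the management VDOM, so the RADIUS objects live there.
config vdom
    edit root
        config user radius
            edit "RAD-MGMT"
                set server "192.0.2.10"
                set secret <shared-secret>
                # NAS-IP-Address attribute sent to the RADIUS server
                # (Mgmt 1 address from the question)
                set nas-ip 172.16.10.253
            next
        end
        config user group
            edit "RAD-ADMINS"
                set member "RAD-MGMT"
            next
        end
end

config global
    # Wildcard administrator: any user the RADIUS server accepts for
    # this group logs in with the profile set below.
    config system admin
        edit "radius-admins"
            set remote-auth enable
            set wildcard enable
            set remote-group "RAD-ADMINS"
            set accprofile "super_admin"
            set vdom "root"
        next
    end
    # Let each cluster member use its own reserved management
    # interface for management traffic such as remote authentication.
    config system ha
        set ha-direct enable
    end
end
```

Because a wildcard administrator inherits its profile from this single entry, restrict on the RADIUS server which accounts can authenticate for this group, and keep one local administrator account so the cluster stays manageable if the RADIUS server is unreachable.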