FortiEdgeCloud
Hosted cloud-based management platform for the Fortinet Secure LAN Edge (FortiSwitch and FortiAP), and FortiExtender 5G/LTE Gateways
riwesseh
Staff
Article Id 342610
Description
This article describes how to set up FortiEdge Cloud with Radius authentication using Windows NPS (AD authentication).
Scope
  • FortiEdge Cloud using NPS as Radius server.
  • FortiAP as a Radius client.
  • Microsoft NPS joined to the AD domain for AD authentication.
Solution

Below are the steps to follow to configure FortiEdge Cloud and Windows NPS for Radius authentication.

 

  1. Add FortiAP as a Radius client.

Note: If FortiEdge manages multiple APs, configure the AP subnet (for example 192.168.2.0/24) as the Radius client.

 

  1. Follow the related guide, Technical Tip: Configuring FortiGate and Microsoft NPS (Radius with AD authentication), to complete the NPS configuration, but in steps 1 and 2 configure FortiAP as the Radius client instead of FortiGate.

     

    From FortiEdge:

     

  2. Configure the RADIUS server from Wireless -> Configuration -> User Access Control.

     

Select 'My Radius Server' -> Add Radius Server and enter the server details. The primary server name/IP is the NPS server, and the secret must be the same as the one configured for the Radius client on NPS.

 

 

Reference: RADIUS Server.

 

Testing the Radius server from FortiEdge will fail, because the Radius client is the FortiAP.

To review the packet flow, SSH to the AP and run the following command:

 

tcpdump -i br0 'port 1812' <---------- Or configured Radius port.
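
To read what the capture shows, the RADIUS payloads can be decoded offline. The following Python is an added example, not part of the original article: it parses the RFC 2865 header and attributes and checks the Response Authenticator against the shared secret, which is how a secret that differs between the Radius client entry on NPS and the FortiEdge server entry shows up. The packets, secret, user name and AP address are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def parse_radius(pkt: bytes) -> dict:
    """Decode the RFC 2865 header and attribute list of one RADIUS UDP payload."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]))
        pos += pkt[pos + 1]
    return {"code": CODES.get(code, str(code)), "id": ident,
            "authenticator": pkt[4:20], "attrs": attrs}

def response_auth_ok(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    length = struct.unpack("!H", response[2:4])[0]
    digest = hashlib.md5(response[:4] + request_auth + response[20:length] + secret).digest()
    return hmac.compare_digest(digest, response[4:20])

def build(code: int, ident: int, auth: bytes, attrs: list) -> bytes:  # sample builder
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body

# Constructed sample data (not captured traffic); secret, user and AP IP are placeholders.
SECRET = b"example-shared-secret"
REQ_AUTH = bytes(range(16))
REQUEST = build(1, 7, REQ_AUTH, [(1, b"alice"), (4, socket.inet_aton("192.168.2.10"))])
_unsigned = build(2, 7, REQ_AUTH, [(18, b"ok")])
ACCEPT = _unsigned[:4] + hashlib.md5(_unsigned + SECRET).digest() + _unsigned[20:]

def nas_ip(pkt: bytes):
    """Return NAS-IP-Address (attribute 4) as a dotted quad, or None if absent."""
    for t, v in parse_radius(pkt)["attrs"]:
        if t == 4 and len(v) == 4:
            return socket.inet_ntoa(v)
    return None

if __name__ == "__main__":
    print(parse_radius(REQUEST)["code"], nas_ip(REQUEST), response_auth_ok(ACCEPT, REQ_AUTH, SECRET))
```

A response whose authenticator does not verify with the secret entered in FortiEdge was computed with a different secret on the NPS side.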

 

Related articles:

Technical Tip: Configuring FortiGate and Microsoft NPS (Radius with AD authentication) 

Technical Tip: Microsoft NPS as RADIUS client for active-directory authentication