FortiAuthenticator provides access management and single sign on.
Article Id 283978
Description This article discusses the topics that should be considered while setting up 802.1x on FortiAuthenticator in HA A-LB.
Scope FortiAuthenticator v6.x,

While setting up 802.1x Authentication on FortiAuthenticator, follow the documents below:


Wired 802.1x EAP-TLS with computer authentication
Wireless 802.1x EAP-TLS with computer authentication
Wireless 802.1x EAP-TLS with user authentication

When the FortiAuthenticator is in HA A-LB, the following must be considered:

  • Synchronization of users and groups occurs in the load-balancing setup.
  •  However, other configurations are not synchronized. It is necessary to recreate the LDAP server, realm, RADIUS client, and policy on the load-balancing node.
  • The RADIUS client and LDAP server can have different IPs, especially since the load-balancing node may be in a different location. Nevertheless, they must share identical names with the LDAP server/RADIUS client on the primary FortiAuthenticator.
  • All references to LDAP server/RADIUS client/other configurations will be made using names. Therefore, as long as an object with the same name exists on the load-balancing node, there should be no synchronization issues.
  • During the configuration on the primary node, there might be a temporary out-of-sync situation with the load-balancing node because the same objects do not yet exist on the load-balancing node.