FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
ajoe
Staff
Staff
Article Id 197414
Description
This article provides the info on RADSEC support for Radius authentication.

Scope
For version 6.2.0.

Solution
The main focus of RADSEC is to provide a means to secure the communication between Radius/TCP peers on the transport layer.

When a RADSEC client connects to FortiAuthenticator through TLS on the specified port, after being decrypted, they are handled by the FortiAuthenticator's RADIUS daemon like standard RADIUS requests via UDP.

RADSEC can be enabled for Radius authentication with below steps,

1)
RADSEC service need to be enabled on each FortiAuthenticator network interface individually.





2) Selecting a RADSEC server certificate in Authentication -> RADIUS Service -> Certificates. Certificate can be imported under Certificate Management.

3) The default RADSEC port is 2083 and can be configured in Authentication -> RADIUS Service -> Services.

Contributors