Description |
This article describes the configuration required for FortiGate to send RADIUS accounting messages to FortiAuthenticator.
In this scenario, FortiGate port9 with IP x.x.x.x is connected to FortiAuthenticator port2 with IP y.y.y.y |
Scope | FortiGate and FortiAuthenticator. |
Solution |
Section A: FortiGate Configuration
GUI configuration:
CLI configuration:
FortiGate # config user radius
FortiGate(radius) # edit FAC
FortiGate(FAC) # set server y.y.y.y
FortiGate(FAC) # set secret Fortinet
FortiGate(FAC) # set nas-ip x.x.x.x
FortiGate(FAC) # end
2) FortiAuthenticator is configured as the RADIUS accounting server from the FortiGate CLI with the correct IP and secret password, and with a port number that matches the FortiAuthenticator RADIUS Accounting monitor port, as in FortiAuthenticator configuration step 3.
FortiGate # config user radius
FortiGate(radius) # edit FAC
FortiGate(FAC) # config accounting-server
FortiGate(accounting-server) # edit 1
FortiGate(1) # set status enable
FortiGate(1) # set server y.y.y.y
FortiGate(1) # set secret ********
FortiGate(1) # set port 1646
FortiGate(1) # end
FortiGate(FAC) # end
Verify the applied configuration with the following command:
# show user radius
Section B: FortiAuthenticator Configuration.
1) FortiGate is configured as a RADIUS client with the correct IP address (x.x.x.x in this example), the secret password (the same one used in FortiGate configuration step 2), and 'Accept RADIUS accounting messages for usage enforcement' enabled.
2) The interface connected to FortiGate, the one with IP y.y.y.y, has RADIUS accounting monitor enabled.
3) Check and note the RADIUS Accounting monitor port number (the default is port 1646) and use it to configure FortiGate as per step 2 in the FortiGate configuration section.
After configuring all of the above, establish a test connection using a user authentication method, for example FortiClient SSL-VPN. Once the connection succeeds, the user's RADIUS accounting session will populate in FortiAuthenticator.
Note that the authentication session must be valid and real time for the session to remain in the Active section.
To view previous sessions, select cumulative.
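The secret set in FortiGate step 2 and FortiAuthenticator step 1 is what authenticates each accounting packet: RFC 2866 derives the packet authenticator from it, and a server must silently discard a request whose authenticator does not verify. The following Python sketch is an added example, not Fortinet code, showing that calculation for both the request and the response. The secret, NAS IP, user name and session ID are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5  # RFC 2866 packet codes


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_acct_request(ident, secret, nas_ip, user, session_id, status=1):
    """Client (NAS) side: Accounting-Request; status 1 = Start, 2 = Stop."""
    attrs = (attr(1, user.encode())                 # User-Name
             + attr(4, socket.inet_aton(nas_ip))    # NAS-IP-Address
             + attr(40, struct.pack("!I", status))  # Acct-Status-Type
             + attr(44, session_id.encode()))       # Acct-Session-Id
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(header + 16 zero octets + attributes + secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs


def request_is_authentic(packet, secret):
    """Server side: recompute the Request Authenticator with the local secret."""
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return packet[0] == ACCT_REQUEST and hmac.compare_digest(packet[4:20], expected)


def build_acct_response(request, secret):
    """Server side: Accounting-Response echoing the request identifier."""
    header = struct.pack("!BBH", ACCT_RESPONSE, request[1], 20)
    # Response Authenticator = MD5(header + Request Authenticator + secret)
    return header + hashlib.md5(header + request[4:20] + secret).digest()


def response_is_authentic(response, request, secret):
    """Client side: check the reply against the request it answers."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return (response[0] == ACCT_RESPONSE and response[1] == request[1]
            and hmac.compare_digest(response[4:20], expected))


if __name__ == "__main__":
    SECRET = b"constructed-secret"  # constructed value, not from the article
    req = build_acct_request(7, SECRET, "192.0.2.10", "vpnuser", "sess-0001")
    print("matching secret:", request_is_authentic(req, SECRET))
    print("mismatched secret:", request_is_authentic(req, b"other-secret"))
```

Because a request that fails this check is dropped without a reply, a secret mismatch shows up as accounting sessions that never appear on the server rather than as an explicit error.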
Copyright 2024 Fortinet, Inc. All Rights Reserved.