Description
This article describes how to verify RADIUS server user credentials via the GUI/web interface of the FortiGate.
Solution
Before FortiOS 6.0.0, it was only possible to check RADIUS user credentials via the CLI. Starting with FortiOS 6.0.0, this feature is available in the GUI as well.
To check the RADIUS server user credentials, go to User & Device -> Radius servers, edit the configured RADIUS server, and click the “Test User Credentials” button.
Note: Before testing user credentials, make sure that the RADIUS server is already configured and that there are no connectivity issues between the FortiGate and the RADIUS server.
After that, enter the username and password of the user.
The FortiGate can check “Connection status” and “User credentials” and, on successful authentication, it shows additional information such as the RADIUS “AVP” and “VSA”.
Note: In current FortiOS implementations, testing RADIUS server user credentials via the GUI/web interface supports and works only with the PAP (Password Authentication Protocol) scheme.
If the user credentials are tested against a RADIUS server that does not have “PAP” enabled, the FortiGate will show an “Invalid credentials” message.
For all schemes other than “PAP”, it is recommended to test via the CLI:
# diagnose test authserver radius <server_name> <chap | pap | mschap | mschap2> <username> <password>
# diagnose test authserver radius WIN16 mschap2 radiususer1 P@$$w0rd1
authenticate 'radiususer1' against 'mschap2' succeeded, server=primary assigned_rad_session_id=457812022 session_timeout=0 secs idle_timeout=0 secs!
Group membership(s) - radiusgroup
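When the CLI test is repeated for several users or schemes, its output can be checked by script. The Python below is an added example, not Fortinet code: it parses the output format shown above and reports a failed test, an unexpected scheme, or a missing group. The function names, the failure sample and the comma-separated group list are assumptions.

```python
import re

# Output copied from the article's CLI example (success case).
SAMPLE_OK = (
    "authenticate 'radiususer1' against 'mschap2' succeeded, server=primary "
    "assigned_rad_session_id=457812022 session_timeout=0 secs idle_timeout=0 secs!\n"
    "Group membership(s) - radiusgroup\n"
)
# Constructed failure sample: the exact failure wording is an assumption.
SAMPLE_FAIL = (
    "authenticate 'radiususer1' against 'pap' failed, "
    "assigned_rad_session_id=0 session_timeout=0 secs idle_timeout=0 secs!\n"
)

RESULT_RE = re.compile(
    r"authenticate '(?P<user>[^']*)' against '(?P<scheme>[^']*)' (?P<result>\w+)"
)
FIELD_RE = re.compile(r"(\w+)=(\S+)")
GROUP_RE = re.compile(r"Group membership\(s\) - (.+)")


def parse_authserver_test(text):
    """Turn the CLI test output into a dict; raise if the result line is missing."""
    m = RESULT_RE.search(text)
    if m is None:
        raise ValueError("no \"authenticate '<user>' against '<scheme>'\" line found")
    info = {"user": m["user"], "scheme": m["scheme"],
            "succeeded": m["result"] == "succeeded"}
    # key=value fields: server, assigned_rad_session_id, session/idle timeouts.
    info.update(FIELD_RE.findall(text))
    g = GROUP_RE.search(text)
    # Assumption: several groups would be comma-separated on this line.
    info["groups"] = [x.strip() for x in g[1].split(",") if x.strip()] if g else []
    return info


def audit(text, expected_scheme, required_group):
    """Return a list of problems; an empty list means the test matched expectations."""
    info = parse_authserver_test(text)
    problems = []
    if not info["succeeded"]:
        problems.append("authentication did not succeed")
    if info["scheme"] != expected_scheme:
        problems.append(f"tested scheme {info['scheme']!r}, expected {expected_scheme!r}")
    if required_group not in info["groups"]:
        problems.append(f"group {required_group!r} not returned")
    return problems
```

Checking the returned group matters because firewall policies that reference a RADIUS group only match when the server actually returns that membership.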