Description |
This article describes the configuration required for FortiGate to send RADIUS accounting messages to FortiAuthenticator.
In this scenario, FortiGate port9 with IP x.x.x.x is connected to FortiAuthenticator port2 with IP y.y.y.y. |
Scope | FortiGate and FortiAuthenticator. |
Solution |
Section A: FortiGate Configuration
GUI configuration:
CLI configuration:
config user radius
    edit FAC
        set server y.y.y.y
        set secret Fortinet
        set nas-ip x.x.x.x
end
config user radius
    edit FAC
        config accounting-server
            edit 1
                set status enable
                set server y.y.y.y
                set secret ********
                set port 1646
        end
end
Verify that the configuration was applied using the following command:
show user radius
Section B: FortiAuthenticator Configuration
Note that 'RADIUS Accounting Monitor' (and port) is used for Usage-policy definition. If a user has a usage policy applied, the logged-in user can be removed from the network when the bandwidth or time limit is exceeded.
After configuring all of the above, establish a test connection using a user authentication method such as FortiClient SSL-VPN. After the connection is successful, the user's RADIUS accounting session will populate in FortiAuthenticator.
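If no session appears after the test connection, a mismatched accounting secret is a common cause. The Python below is an added example, not Fortinet code and not part of the original article: it builds a RADIUS Accounting-Request as defined in RFC 2866 and verifies its Request Authenticator against the shared secret, which is the check that fails when the two sides hold different secrets. The secret, user name and the address 192.0.2.10 (standing in for the nas-ip x.x.x.x) are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

ACCOUNTING_REQUEST = 4  # RFC 2866 packet code
USER_NAME, NAS_IP_ADDRESS, ACCT_STATUS_TYPE = 1, 4, 40  # attribute types
ACCT_START = 1


def _attr(attr_type, value):
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_accounting_request(ident, secret, user, nas_ip):
    """Build an Accounting-Request (Start) the way a NAS sends it."""
    attrs = (_attr(USER_NAME, user.encode())
             + _attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + _attr(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_START)))
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(Code + ID + Length + 16 zero octets + attrs + secret)
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs


def verify_accounting_request(packet, secret):
    """Check framing and the Request Authenticator; return {attr_type: raw value}."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    packet = packet[:length]  # octets beyond Length are padding
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + bytes(16) + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise PermissionError("authenticator mismatch: wrong secret or altered packet")
    parsed, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        parsed[attrs[pos]] = attrs[pos + 2:pos + attrs[pos + 1]]
        pos += attrs[pos + 1]
    return parsed


if __name__ == "__main__":
    # Constructed sample values; 192.0.2.10 stands in for the FortiGate nas-ip x.x.x.x.
    pkt = build_accounting_request(1, b"example-secret", "testuser", "192.0.2.10")
    print(verify_accounting_request(pkt, b"example-secret"))
```

An accounting server that computes a different digest discards the request without replying, so a secret mismatch shows up as retransmissions from the NAS and no session on the server.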
To view previous sessions, select cumulative as shown below:
Related article: Technical Tip: Fortinet Solutions RSSO (RADIUS Single Sign On). |