FortiWAN is a Link Load Balancing, Multi-Homing and Tunnel Routing system.
Article Id 241051
Description This article describes how to set up Microsoft Network Policy Server (NPS) for FortiWAN RADIUS authentication. It focuses only on the setup needed on the NPS and the FortiWAN.
It may be necessary to preconfigure other related Microsoft Windows Server and Microsoft Network Policy Server (NPS) settings.
Scope FortiWAN.

This applies when Microsoft Network Policy Server (NPS) needs to be set up for FortiWAN RADIUS authentication.


From Microsoft Network Policy Server (NPS):


1) Add Network Policy:
- Create new Network Policies.
- Edit the new Policy.
- Go to the Conditions tab, and add respective UserGroups.
- Go to the Constraints tab, tick Unencrypted authentication (PAP, SPAP).
- Go to the Settings tab and under the RADIUS Attributes section, select Vendor Specific.
- On the right page, select Add and add Vendor-Specific Attributes.




- On the next page, under Attribute values, select Add.
- On the next page, select Enter Vendor Code, input '12356', and select 'Yes. It conforms'. Select Configure Attribute.




- On the next page, for Vendor-assigned attribute number, input '26'.
For Attribute format, select 'String'. For Attribute value, input either 'user-group=Administrator' for FortiWAN administrator access OR 'user-group=Monitor' for FortiWAN Monitor access. Select OK.




- Similar setting should be visible as below:




2) Add the FortiWAN as RADIUS Client.



From FortiWAN GUI:


1) Go to System -> Administration.
2) Under the RADIUS Authentication section, tick Enable.
3) For Priority, select 'RADIUS, Local Database'.
4) For Server IP, input the 'Microsoft NPS IP'.
5) For Server Port, input the 'Microsoft NPS port'.
6) For Secret, input the 'Microsoft NPS Shared Secret'.
7) Select Apply.




8) Log out and test the respective user login on the FortiWAN.
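If a test login receives the wrong access level, the attribute bytes that NPS returns in the Access-Accept (for example, from a packet capture) can be checked against the values configured above. The following is an added example, not Fortinet or Microsoft code: it encodes and parses the Vendor-Specific attribute in the RFC 2865 layout that 'Yes. It conforms' selects, and shows that the outer RADIUS type 26 and the vendor-assigned number 26 are separate fields. The function names and the sample bytes are constructed for illustration, and the value is assumed to be an ASCII string.

```python
import struct

VSA_TYPE = 26        # outer RADIUS attribute type: Vendor-Specific (RFC 2865)
VENDOR_CODE = 12356  # vendor code entered in NPS (from the article)
VENDOR_ATTR = 26     # vendor-assigned attribute number (from the article)
ALLOWED = {"user-group=Administrator", "user-group=Monitor"}

def build_vsa(value, vendor=VENDOR_CODE, vtype=VENDOR_ATTR):
    """Encode a conforming VSA: type, len, vendor-id, vendor-type, vendor-len, data."""
    data = value.encode("ascii")
    sub = bytes([vtype, 2 + len(data)]) + data
    return bytes([VSA_TYPE, 6 + len(sub)]) + struct.pack("!I", vendor) + sub

def parse_vsas(attrs):
    """Return [(vendor_id, vendor_type, data)] from a raw RADIUS attribute list."""
    out, i = [], 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        atype, body = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if atype != VSA_TYPE:
            continue  # not Vendor-Specific, skip it
        if len(body) < 6:
            raise ValueError("Vendor-Specific attribute too short")
        vendor, sub, j = struct.unpack("!I", body[:4])[0], body[4:], 0
        while j < len(sub):
            if len(sub) - j < 2 or sub[j + 1] < 2 or j + sub[j + 1] > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            out.append((vendor, sub[j], sub[j + 2:j + sub[j + 1]]))
            j += sub[j + 1]
    return out

def fortiwan_group(attrs):
    """Return the user-group string sent by NPS, or None if missing or unexpected."""
    for vendor, vtype, data in parse_vsas(attrs):
        if vendor == VENDOR_CODE and vtype == VENDOR_ATTR:
            text = data.decode("ascii", errors="replace")
            return text if text in ALLOWED else None
    return None

# Constructed sample: a Class attribute (type 25) followed by the VSA from step 1.
SAMPLE = bytes([25, 6]) + b"demo" + build_vsa("user-group=Monitor")

if __name__ == "__main__":
    print(SAMPLE.hex(), "->", fortiwan_group(SAMPLE))
```

A result of None for a policy that should grant access points to a mismatch in the vendor code, the attribute number, or the exact spelling of the attribute value.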



Related FortiWAN RADIUS Authentication document: (Page 176)