Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Caramon1980
New Contributor

Fortigate Radius and MFA with AD

Hello everyone,

 

Hi I am setting up a radius server on windows server with Fortigate as a radius client. The main idea is to configure Azure MFA with the NPS extension.

Currently I already have a SSLVPN portal running without problems filtering by AD groups. I have created a Radius server in FG and I have clear the steps, except the radius policies in Windows NPS that must point to the fortigate: I have added a radius client pointing to the IP of the FG, but ...

What should I put as a connection request policy  and as a network policy? Thank you

1 REPLY 1
ForMar
New Contributor

Hi

Connection Request Policy you allow a connection from the radius client (the fortigate) to the radius server. So i did a limitation of the client displayname, which i configured as i created the radius client in the nps server.

Authentication PAP

 

Network Policy is the authorization logic. so i have a condition on a windows Group, and again on the radius client displayname.

Authentication still pap.

 

However, with active Azure Plugin inthe authentication fails for me, it works without the azure nps plugin.

Otherwise i followed the cookbook from 6.2, i have installed 6.4.4.

 

edit: fixed with fortninet support.

config sys global set remoteauthtimeout 30 end

 

Kind regards

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors