Fortigate as a Radius Client
Hi,
If there is an external firewall between the Radius server (which is outside my network) and my Fortigate as the radius client, then I need to have a rule on the external firewall to allow RADIUS traffic from my Fortigate firewall. So the source address on the rule should be the address of the RADIUS client, which is my Fortigate. My question is: what address do I have to use? Would it be the outside interface of my Fortigate?
Most likely yes. You can do a diag sniffer packet any "port 1812" for example to see the src.ip
Ken Felix
PCNSE
NSE
StrongSwan
In general outgoing services from a FGT default to the outgoing interface IP.
For many of these services the IP can be changed (e.g. to a loopback IP). This can be done for ntp, snmp, syslog at least.
This looks to be applicable to radius as well:
config user radius
    edit test
        set source-ip 1.1.1.1
    next
end
I'm not sure if this is the correct radius configuration for what you are doing, but this may suit your needs.