Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Daryaya
New Contributor

Fortigate as a Radius Client

Hi,

 

If there is an external firewall between the Radius server(which is outside my network) and my Fortigate as the radius client, then I need to have a rule on the external firewall to allow RADIUS traffic from my Fortigate firewall. so the source address on the rule should be teh address of RADIUS client which is my Fortigate. My question is what address do I have to use ? would it be the outside interface of my Fortigate?

2 REPLIES 2
emnoc
Esteemed Contributor III

Most likely yes. You can do a diag sniffer packet any "port 1812" for example to see the src.ip 

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
journeyman

In general outgoing services from a FGT default to the outgoing interface IP.

For many of these services the IP can be changed (eg to a loopback IP). This can be done for ntp, snmp, syslog at least.

This looks to be applicable to radius as well:

config user radius

    edit test

        set source-ip 1.1.1.1

    next

endI'm not sure if this is the correct radius configuration for what you are doing but this may suit your needs.

Labels
Top Kudoed Authors