Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Sivasakthi
New Contributor

Created on ‎06-24-2024 01:14 AM

How can I set my primary authentication as Radius and secondary as Local

I have integrated my fortigate with the Radius server and working fine,but parallely my local authentication is also working,how shall i set my radius authetication as primary and local as secondary.

Labels:
760
0 Kudos
2 Solutions
Sivasakthi
New Contributor

Created on ‎06-24-2024 10:11 AM

After entering the below commands i can be able to set the Radius as primary authentication and while the radius is enabled the local user credentials are not working as i want and so in the absence of radius server my local user credentials are usable.

config system global
set admin-restrict-local disable
set admin-restrict-local enable 
end

View solution in original post

684
srajeswaran
Staff
Staff
In response to Sivasakthi

Created on ‎06-24-2024 10:14 PM

Adding below article explaining the details for the benefit  of other users who may hit this.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restrict-local-admin-authentication-when-r...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

634
0 Kudos
4 REPLIES 4
rbraha
Staff
Staff

Created on ‎06-24-2024 05:44 AM

Hi @Sivasakthi 

 

By default FGT will check for every request ,local database first if the user is not found there, then whichever server reply first Radius,Ldap it will proceed further to authenticate users. Probably you could use Realms on SSLVPN setting ,this need to be enabled on Feature visibilities.

Please check the below documentation which explain in detail authentication process .

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-A-quick-guide-to-FortiGate-SSL-VPN-authent...

727
srajeswaran
Staff
Staff

Created on ‎06-24-2024 06:20 AM

I think the best approach will be to keep just 1 or 2 local admin accounts and remaining users to use remote login.
or you can configure all accounts as remote/radius and while configuring radius user itself it will ask to specify backup password to use in case radius is not reachable.
image.png

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
716
0 Kudos
Sivasakthi
New Contributor

Created on ‎06-24-2024 10:11 AM

After entering the below commands i can be able to set the Radius as primary authentication and while the radius is enabled the local user credentials are not working as i want and so in the absence of radius server my local user credentials are usable.

config system global
set admin-restrict-local disable
set admin-restrict-local enable 
end

685
srajeswaran
Staff
Staff
In response to Sivasakthi

Created on ‎06-24-2024 10:14 PM

Adding below article explaining the details for the benefit  of other users who may hit this.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restrict-local-admin-authentication-when-r...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
635
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.