SSID authentication via Radius Server on FortiOS 7.2.10 / FortiGate 80F
Hello all,
Is there any documentation or best practice on how to set up a Wi-Fi SSID with AD authentication via a Windows NPS server from scratch?
At the moment our company uses MAC filter based via WPA2-Personal, but I want to change it into authentication through AD via RADIUS server. Best would be WPA3 Enterprise, I guess. I set up the NPS server, applied the Network Policy and Connection Request Policies, set up the AD groups, added them into the Network Policy, created the RADIUS client on the Forti (and NPS server ofc). The connection between Forti and RADIUS is successful and my user credentials are also working, but when I set up the SSID and add it to my network interface, the client says connection is not possible.
I mainly used this technical tip: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-FortiGate-and-Microsoft-NPS-Ra...
and also this
https://docs.fortinet.com/document/fortiap/7.4.4/fortiwifi-and-fortiap-configuration-guide/961597/co...
But I think in some config I'm doing something wrong.
The network interface on my FortiGate 80F is a software switch with IP/Netmask from 192.168.5.254/23 and I want the clients to get an IP from this range. This works perfectly fine with our main Wi-Fi atm.
Does anyone have any helpful links or even an idea what could possibly be wrong?
This is atm mainly a test to see if everything works, to roll out via FortiManager afterwards.
Thank you in advance :)
Labels: FortiGate
I suppose you are trying to implement EAP-PEAP. Firstly, make sure that the supplicant in the end host is configured correctly. Doing the configuration from Control Panel will show all the available options, certificates and credentials (this example is for EAP-TLS but the options are similar).
A packet capture of RADIUS traffic while trying to log in from the end host will give more details for the request/response: Network > Diagnostics > Filters [Port: 1812].
You can also refer to this article for troubleshooting the authentication part from the FGT side.
If you have found a solution, please like and accept it to make it easily accessible for others.
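What to look for in the RADIUS capture suggested above, as an added example that is not part of the original thread: a small decoder for the UDP/1812 payloads that prints the RADIUS code and the EAP method carried in each packet. The four sample packets are constructed (the user name `alice` is hypothetical) and show one failure pattern, a supplicant answering the server's PEAP offer with an EAP Nak before the Access-Reject.

```python
import struct

RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept",
                3: "Access-Reject", 11: "Access-Challenge"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}
ATTR_USER_NAME, ATTR_EAP_MESSAGE = 1, 79

def parse_radius(payload: bytes) -> dict:
    """Decode one RADIUS payload (RFC 2865) and the EAP packet inside it (RFC 3579)."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("length field does not match the payload")
    user, eap, pos = None, b"", 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = payload[pos], payload[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        value = payload[pos + 2:pos + a_len]
        if a_type == ATTR_USER_NAME:
            user = value.decode("utf-8", "replace")
        elif a_type == ATTR_EAP_MESSAGE:
            eap += value  # a long EAP packet is split over several attributes
        pos += a_len
    eap_desc = None
    if len(eap) >= 4:
        eap_desc = EAP_CODES.get(eap[0], str(eap[0]))
        if eap[0] in (1, 2) and len(eap) >= 5:  # only Request/Response carry a type
            eap_desc += "/" + EAP_TYPES.get(eap[4], str(eap[4]))
    return {"code": RADIUS_CODES.get(code, str(code)), "id": ident,
            "user": user, "eap": eap_desc}

def build(code, ident, attrs):
    """Build a constructed sample packet; the authenticator is zero-filled."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

SAMPLE = [  # constructed exchange, not taken from a real capture
    build(1, 1, [(1, b"alice"), (79, bytes([2, 0, 0, 10, 1]) + b"alice")]),
    build(11, 1, [(79, bytes([1, 1, 0, 6, 25, 0x20]))]),  # server offers PEAP
    build(1, 2, [(1, b"alice"), (79, bytes([2, 1, 0, 6, 3, 13]))]),  # Nak, wants 13
    build(3, 2, [(79, bytes([4, 1, 0, 4]))]),
]

def summarize(packets):
    return [f'{p["code"]} id={p["id"]} eap={p["eap"]}' for p in map(parse_radius, packets)]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

An Access-Reject that follows the very first Access-Request, with no Access-Challenge in between, instead points at the NPS policy side rather than at the supplicant's EAP settings.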
Yes, EAP-PEAP, correct. Okay, I will look into it. If I solve the issue or have any problems, I'll come back. Thank you!
