Hello. I am very new to this and trying to configure SSL VPN in my Fortigate 100D to use Win2k8 Radius to Authenticate users. Can someone point me to a step by step guide/setup on how to do the configuration on the Radius server side? (specifically how the NPS policies is configured).
Thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
This guide will help you to find your way around.
http://docs.fortinet.com/uploaded/files/1081/fortigate-sslvpn.pdf
Let me know how you get on or should you need further info on the same.
Karan
FCSNA | CCNP | VCP | CCNA | MCITP
Thanks. This document only shows config for the VPN client/firewall side - none about the Radius server side. Nevertheless I managed to make it work. Here are the settings I did in NPS:
1. In Radius client properties choose "Radius standard" as vendor name. Uncheck both NAP capable and Access Request messaged must contain the Message-Authenticator attribute.
2. In Connection Request Policies, create a policy, name it and enable it.
3. In Connection Request Policies, choose "Unspecified" for Type of Network access server.
4. In Connection Request Policies, condition can either be NAS Identifier (Fortigate Name) or NAS Ipv4 Address (Fortigate IP). In my case I choose NAS Identifier. You can also configure both.
5. In Connection Request Policies, Make sure Override Network Policy Authentication Settings is Disabled.
6. In Connection Request Policies, Click Vendor Specific Attributes>Custom>Radius standard>Enter Vendor Code 12356
7. In Network Policies, create a policy, name it and enable it.
8. In Network Policies, choose "Unspecified" for Type of Network access server.
9. In Network Policies, set conditions to User Groups and the name of the group that contains the users you want to allow connection to VPN.
10. In Network Policies, Authentication method set to MS CHAP2 and make sure it's the same setting in Fortigate. Leave all the rest of the settings in the network policies to default.
This is very basic and not using the strongest/safes Authentication/encryption. But a great start to be up and running.
Great info. Thank you.
lamtiny , this is a very good job & break down. It would be nice if the cookbook had a play by play setup available. I do recall seeing one for radius w/NPS for Wifi access iirc
PCNSE
NSE
StrongSwan
I'm going to add this topic to the Cookbook to-do list, hopefully there will be a recipe for it soon.
Technical Writer, FortiOS
Let me know if there's anything you want to see added to the FortiGate Cookbook.
Yeah. Would love to see it in the cookbook soon. NPS setup can be overwhelming if you don't know the basics.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1698 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.