Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Simple SSL VPN Radius Authentication

Hello. I am very new to this and trying to configure SSL VPN in my Fortigate 100D to use Win2k8 Radius to Authenticate users. Can someone point me to a step by step guide/setup on how to do the configuration on the Radius server side? (specifically how the NPS policies is configured).



New Contributor

This guide will help you to find your way around.

Let me know how you get on or should you need further info on the same.



New Contributor

Thanks. This document only shows config for the VPN client/firewall side - none about the Radius server side. Nevertheless I managed to make it work. Here are the settings I did in NPS:


1. In Radius client properties choose "Radius standard" as vendor name. Uncheck both NAP capable and Access Request messaged must contain the Message-Authenticator attribute.

2. In Connection Request Policies, create a policy, name it and enable it.

3. In Connection Request Policies, choose "Unspecified" for Type of Network access server.

4. In Connection Request Policies, condition can either be NAS Identifier (Fortigate Name) or NAS Ipv4 Address (Fortigate IP). In my case I choose NAS Identifier. You can also configure both.

5. In Connection Request Policies, Make sure Override Network Policy Authentication Settings is Disabled.

6. In Connection Request Policies, Click Vendor Specific Attributes>Custom>Radius standard>Enter Vendor Code 12356

7. In Network Policies, create a policy, name it and enable it.

8. In Network Policies, choose "Unspecified" for Type of Network access server.

9. In Network Policies, set conditions to User Groups and the name of the group that contains the users you want to allow connection to VPN.

10. In Network Policies, Authentication method set to MS CHAP2 and make sure it's the same setting in Fortigate. Leave all the rest of the settings in the network policies to default.


This is very basic and not using the strongest/safes Authentication/encryption. But a great start to be up and running.


Great info.  Thank you.

Esteemed Contributor III

lamtiny , this is a very good job & break down. It would be nice if the cookbook had a play by play setup available. I  do recall seeing one for radius w/NPS for  Wifi access iirc





I'm going to add this topic to the Cookbook to-do list, hopefully there will be a recipe for it soon.

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

New Contributor

Yeah. Would love to see it in the cookbook soon. NPS setup can be overwhelming if you don't know the basics.