router : auth-path
Authentication based routing allows firewall policies to direct network traffic flows.
This command configures a RADIUS object on your FortiGate unit. The same object must also be configured on the RADIUS server.
To configure authentication based routing on your FortiGate unit
1. Configure your FortiGate unit to communicate with a RADIUS authentication server.
2. Configure a user that uses the RADIUS server.
3. Add that user to a user group configured to use the RADIUS server.
4. Configure the router auth-path object.
5. Configure a custom service for RADIUS traffic.
6. Configure a service group that includes RADIUS traffic along with other types of traffic that will be allowed to pass through the firewall.
7. Configure a firewall policy that has route based authentication enabled.
The Fortinet Knowledge Base has an article on authentication based routing that provides a sample configuration for these steps.
The auth-path command is not available when the FortiGate unit is in Transparent mode.
config router auth-path
    edit <auth_path_name>
        set device <interface>
        set gateway <gway_ipv4>
end
edit <auth_path_name>
    Enter a name for the authentication path. No default.
device <interface>
    Specify the interface for this path. No default.
gateway <gway_ipv4>
    Specify the gateway IP address for this path.
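Added example (not part of the Fortinet documentation): because the same object must exist on both the FortiGate unit and the RADIUS server, this Python sketch parses the config router auth-path section of a configuration backup and reports entries that are incomplete or that do not match the RADIUS side. The sample configuration, the path names, and the hand-exported list RADIUS_NAMES are constructed assumptions.

```python
import re

# Constructed sample: auth-path section of a FortiGate configuration backup.
SAMPLE_CONFIG = '''\
config router auth-path
    edit "staff-path"
        set device "port2"
        set gateway 10.0.2.1
    next
    edit "guest-path"
        set device "port3"
    next
end
'''
# Constructed: object names configured on the RADIUS server (exported by hand).
RADIUS_NAMES = ["staff-path", "vendor-path"]

def parse_auth_paths(config_text):
    """Return {name: {"device": ..., "gateway": ...}} from the auth-path block."""
    paths, current, inside = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config router auth-path":
            inside = True
        elif not inside:
            continue  # ignore every other section of the backup
        elif line == "end":
            break
        elif m := re.fullmatch(r'edit\s+"?([^"]+)"?', line):
            current = paths.setdefault(m.group(1), {})
        elif (m := re.fullmatch(r'set\s+(device|gateway)\s+"?([^"]+)"?', line)) and current is not None:
            current[m.group(1)] = m.group(2)
        elif line == "next":
            current = None
    return paths

def audit(paths, radius_names):
    """Report incomplete entries and names present on only one side."""
    findings = []
    for name, cfg in sorted(paths.items()):
        missing = [key for key in ("device", "gateway") if key not in cfg]
        if missing:
            findings.append(f"{name}: {' and '.join(missing)} not set")
    for name in sorted(set(radius_names) - set(paths)):
        findings.append(f"{name}: on the RADIUS server but no auth-path entry")
    for name in sorted(set(paths) - set(radius_names)):
        findings.append(f"{name}: auth-path entry but not on the RADIUS server")
    return findings
```

Calling audit(parse_auth_paths(SAMPLE_CONFIG), RADIUS_NAMES) returns one finding for each mismatch in the sample.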