RADIUS server
Remote Authentication Dial-in User (RADIUS) is a user authentication and network-usage accounting system. When users connect to a server they enter a user name and password. This information is passed to a RADIUS server, which authenticates the user and authorizes access to the network.
You can create or edit RADIUS server entries in the RADIUS server list to support authentication of administrators. When an administrator account’s type is set to RADIUS, the FortiManager unit uses the RADIUS server to verify the administrator password at logon. The password is not stored on the FortiManager unit.
Go to System Settings > Admin > Remote Auth Server > Radius Server to view the RADIUS server list.
Create New | Add a new RADIUS server entry. |
Delete | Select the check box next to the server entry and select Delete. You cannot delete a RADIUS server entry if there are administrator accounts using it. |
Name | The RADIUS server name. Select the server name to edit the settings. |
Server Name/IP | The IP address or DNS resolvable domain name of the RADIUS server. |
Secondary Server Name/IP | Optional IP address or DNS resolvable domain name of the secondary RADIUS server. |
To add a RADIUS server configuration:
1. Go to System Settings > Admin > Remote Auth Server > RADIUS server. The list of configured RADIUS servers appears.
2. Select the
Create New tool bar icon. The
New RADIUS Server dialog box appears; see
Figure 64.
3. Configure the following settings:
Name | Enter a name to identify the RADIUS server. |
Server Name/IP | Enter the IP address or fully qualified domain name of the RADIUS server. |
Server Secret | Enter the RADIUS server secret. |
Secondary Server Name/IP | Enter the IP address or fully qualified domain name of the secondary RADIUS server. |
Secondary Server Secret | Enter the secondary RADIUS server secret. |
Port | Enter the port for RADIUS traffic. The default port is 1812. You can change it if necessary. Some RADIUS servers use port 1645. |
Auth-Type | Enter the authentication type the RADIUS server requires. The default setting of ANY has the FortiManager unit try all the authentication types. |
4. Select OK to save the new RADIUS server configuration.
To modify an existing RADIUS server configuration:
1. Go to System Settings > Admin > Remote Auth Server > RADIUS server. The list of configured RADIUS servers appears.
2. In the Name column, select the name of the server configuration you want to change. The Edit RADIUS Server dialog box appears.
3. Modify the settings as required and select OK to apply your changes.
To delete an existing RADIUS server configuration:
1. Go to System Settings > Admin > Remote Auth Server > RADIUS server. The list of configured RADIUS servers appears.
2. Select the check box beside the server configuration you want to delete and then select the Delete tool bar icon. A confirmation dialog box appears.
3. Select OK to delete the server entry.
| You cannot delete a RADIUS server entry if there are administrator accounts using it. |