Chapter 1 What’s New for FortiOS 5.0 : Authentication: users and devices : Secondary and tertiary RADIUS, LDAP, and TACACS+ servers
  
Secondary and tertiary RADIUS, LDAP, and TACACS+ servers
You can now add secondary and tertiary servers to RADIUS, LDAP, and TACACS+ remote authentication server configurations. When you add a secondary server, the FortiGate unit contacts it only if the primary server is unreachable. The FortiGate unit contacts the tertiary server only if both the primary and secondary servers are unreachable.
Enter the following command to add up to three servers to a RADIUS server configuration. Specify a domain name or IP address for each server as well as the server secret. In the following example, the RADIUS servers are at IP addresses 172.20.120.10, 172.20.120.20, and 172.20.120.30:
config user radius
    edit new-radius-server
        set server 172.20.120.10
        set secret 1st-secret
        set secondary-server 172.20.120.20
        set secondary-secret 2nd-secret
        set tertiary-server 172.20.120.30
        set tertiary-secret 3rd-secret
end
Enter the following command to add up to three servers to an LDAP server configuration. Specify a domain name or IP address for each server. Other than the domain name or password, the secondary and tertiary servers must use the same port and LDAP settings such as the cnid and username. In the following example, the LDAP servers are at IP addresses 192.168.10.10, 192.168.10.20, and 192.168.10.30:
config user ldap
    edit "test-ldap"
        set server "192.168.10.10"
        set cnid "exAccountName"
        set dn "dc=americas,dc=example,dc=net"
        set port 3268
        set type regular
        set username "CN=example,OU=Service Accounts,OU=Admins,DC=example,DC=csplc,DC=net"
        set password ENC AAAEAOZh5R5/oqYeUVkO2OOKh9QV6DAVZoAjbv0sonh
        set member-attr "ASCCGKraftFortinetVPNInternalUsers"
        set secondary-server "192.168.10.20"
        set tertiary-server "192.168.10.30"
end
Enter the following command to add up to three servers to a TACACS+ server configuration. Specify a domain name or IP address and key for each server. In the following example, the TACACS+ servers are at IP addresses 10.10.10.10, 10.10.10.20, and 10.10.10.30:
config user tacacs+
    edit "test-tacacs"
        set server "10.10.10.10"
        set key ENC 2OG/F6wocz2/CpE3eHIJs/Qt8gZsXgeNkQCuTxPWPeBk6BXDu8luM
        set secondary-server "10.10.10.20"
        set secondary-key ENC 2OG/F6wocz2/CpE3eHIJs/Qt8gZ
        set tertiary-server "10.10.10.30"
        set tertiary-key ENC 2OG/F6wocz2/CpE3eHIJs/Qt8gZ
    next
end
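The following Python script is an added example, not part of the Fortinet documentation. It reads configuration text in the format shown above, reports the order in which each entry's servers are tried, and flags a RADIUS or TACACS+ failover server that has no matching secret or key, or that repeats an earlier server. The function names, the entry name vpn-radius, and the sample secrets are constructed for illustration, and the parser assumes flat config blocks like the ones on this page (no nested config sections).

```python
import re

# Credential keyword paired with each server slot, per the examples above.
# LDAP is absent: its secondary/tertiary servers reuse the primary's settings.
CRED = {"radius": "secret", "tacacs+": "key"}
SLOTS = ("", "secondary-", "tertiary-")

def parse_user_servers(text):
    """Return {(kind, name): {setting: value}} for radius/ldap/tacacs+ entries."""
    entries, kind, name = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"config user (radius|ldap|tacacs\+)", line):
            kind, name = m.group(1), None
        elif line in ("next", "end"):  # "end" also closes the enclosing config block
            kind, name = (kind if line == "next" else None), None
        elif kind and line.startswith("edit "):
            name = line[5:].strip().strip('"')
            entries[(kind, name)] = {}
        elif kind and name and (s := re.fullmatch(r"set\s+(\S+)\s+(.+)", line)):
            entries[(kind, name)][s.group(1)] = s.group(2).strip('"')
    return entries

def audit(entries):
    """Return (failover order per entry, list of findings)."""
    order, findings = {}, []
    for (kind, name), cfg in entries.items():
        chain = [cfg.get(slot + "server") for slot in SLOTS]
        order[(kind, name)] = [srv for srv in chain if srv]
        for i, (slot, srv) in enumerate(zip(SLOTS, chain)):
            if not srv:
                continue
            if chain.index(srv) < i:
                findings.append(f"{kind}/{name}: {slot}server repeats {srv}")
            if kind in CRED and slot + CRED[kind] not in cfg:
                findings.append(f"{kind}/{name}: {slot}server has no {slot}{CRED[kind]}")
    return order, findings

# Constructed sample: secondary-secret is missing and the tertiary repeats the primary.
SAMPLE = """\
config user radius
edit "vpn-radius"
set server 172.20.120.10
set secret example-1
set secondary-server 172.20.120.20
set tertiary-server 172.20.120.10
set tertiary-secret example-3
end
"""
```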