Versions Compared

Old Version 1

changes.mady.by.user Paul Ruvin

Saved on

compared with

New Version Current

changes.mady.by.user Paul Ruvin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Add a RADIUS Server

  1. Log in to the Fortinet FortiGate administrative interface.
  2. Click the Navigate to User & Device section in the left navigation panel and navigate to Authentication → RADIUS Authentication>RADIUS Servers.
    Image Removed
    Image Added

  3. Click the Create New button to create a new RADIUS server.

    Image Added

  4. On the New RADIUS Server page, enter the following information:
    Image Removed
    Image Added

  5. Enter a friendly name
  6. Leave the authentication method as Default
  7. Enter the NAS IP, which in this case will be the connection address used by FortiClient
  8. Enter the IP address of the machine on which you have installed the DualShield Radius Server Software
  9. Enter the same Shared Secret which you specified in the Radius Client settings on the DualShield Administration Console.
  10. Test Connectivity to make sure the connection to the DualShield Radius Server is successfulClick the OK button to create the new RADIUS server.

Configure a User Group

  1. Click the Navigate to User & Device section in the left navigation panel and navigate to User → User Groups.Authentication>User Groups
  2. If you have an existing user group, click on it to edit its settings. If you don't yet have a user group, click Create New to create one.

  3. On the Edit User Group or New User Group page, enter the following information:

    Image Added


  4. Use a friendly nameNameSSL VPN with 2FA
  5. Type Firewallis Firewall
  6. You do not have to specify members.

  7. Click the Create New button in the Remote groups section and select the DualShield RADIUS remote server. You do not have to specify a group.

    Image Removed

  8. Click the OK button to save the user group settings.

Configure timeout

The Fortinet appliance has a default timeout of 5 seconds, which will fail for anything other than a passcode authentication. The timeout can be increased from the Fortinet command line interface to resolve the issue. We recommend increasing the timeout to at least 60 seconds

  1. Connect to the appliance CLI. Consult the documentation that accompanied your Fortinet device for more information.In the User Group Edit screen click on the Edit in CLI button

    Image Added
  2. Execute the following commands:

...

# config user radius
    edit <RADIUS Server>
        set timeout 60
end

...