Add a RADIUS Server

1. Log in to the Fortinet FortiGate administrative interface.
2. Navigate to User & Authentication>RADIUS Servers.
   
   
   
   
3. Click the Create New button to create a new RADIUS server.
   
   
   
   

4. On the New RADIUS Server page, enter the following information:
   
   
   
   

5. Enter a friendly name
6. Leave the authentication method as Default
7. Enter the NAS IP, which in this case will be the connection address used by FortiClient
8. Enter the IP address of the machine on which you have installed the DualShield Radius Server Software
9. Enter the same Shared Secret which you specified in the Radius Client settings on the DualShield Administration Console.
10. Test Connectivity to make sure connection to the DualShiedl Radius Server is successfull

Configure a User Group

1. Navigate to User & Authentication>User Groups
2. If you have an existing user group, click on it to edit its settings. If you don't yet have a user group, click Create New to create one.

3. On the Edit User Group or New User Group page, enter the following information:

   

   
   

4. Use a friendly name
5. Type is Firewall
6. You do not have to specify members.

7. Click the Create New button in the Remote groups section and select the DualShield RADIUS remote server. You do not have to specify a group.

8. Click the OK button to save the user group settings.

Configure timeout

The Fortinet appliance has a default timeout of 5 seconds, which will fail for anything other than a passcode authentication. The timeout can be increased from the Fortinet command line interface to resolve the issue. We recommend increasing the timeout to at least 60 seconds

1. In the User Group Edit screen click on the Edit in CLI button
   
   
2. Execute the following commands:

# config user radius
    edit <RADIUS Server>
        set timeout 60
end