Create a RADIUS logon procedure
- Login to the DualShield Administration Console
- In the main menu, select Authentication > Logon Procedure
- Click the Create button on the toolbar
- Enter a name and select RADIUS as the type
- Click “Save”
- Click the Context Menu icon of the newly created logon procedure, select Logon Steps and a new section will be added to the page;
- To add a logon step click on the
button on the top left - Choose Static Password
- Click Save
- Click Add again to add a second Logon Procedure
- Select OOBA Push as the second step
12. Click Save
Create a RADIUS application
- In the main menu, select Authentication > Applications
- Click the Create button on the toolbar
- Enter a name and select a realm
- Select the newly created logon procedure
- Click Save
- Click the Context menu of the newly created application, select Agent and then select the Radius agent.
- Click Save
- Click on the corresponding Elipses and choose Self Test from the menu.
Register Fortigate as a Radius Client
- In the main menu, select RADIUS > Client
- Click the "Create" button on the top right.
- Enter a friendly name
- Click on the magnifying glass and select the Radius Server
- Select the Application from the drop-down list.
- Click on the Cogwheel to the right to enter the IP address of the Network Policy Server and click "Add" then "Save"
- Enter the Shared Secret, which will be used in FortiGate's Radius Server configuration.
- Select PAP, Chap & MSCHAP2 as the Authentication Protocols
- Click Save