In this example, you use a RADIUS server to authenticate your WiFi clients.
The RADIUS server is a FortiAuthenticator (v4.00-build0008) that is used authenticate users who belong to the employees user group.
1. Create the user accounts and user group on the FortiAuthenticator
|
Go to Authentication > User Management > Local Users and create a user account.
User Role settings are available after you click OK.
Create additional user accounts as needed, one for each employee.
|
![user_def_fac]() |
Go to Authentication > User Management > User Groups and create the local user group “employees” on the FortiAuthenticator. |
![usergroup_fac]() |
2. Register the FortiGate as a RADIUS client on the FortiAuthenticator
|
Go to Authentication > RADIUS Service > Clients and create a client account.
Enable all of the EAP types.
|
![reg_fgt_on_fac]() |
3. Configure FortiGate to use the RADIUS server
|
Go to User & Device > RADIUS Servers and add the FortiAuthenticator as a RADIUS server. |
![fgt_radius]() |
4. Create the SSID and set up authentication
|
Go to WiFi Controller > SSID and define your wireless network. |
![ssid-basic]() |
Set up DHCP for your clients. |
![ssid-dhcp]()
|
Configure WPA2 Enterprise security that uses the RADIUS server. |
![ssid-security]() |
5. Connect and authorize the FortiAP
|
Go to Network > Interfaces and configure a dedicated interface for the FortiAP. |
![fap-interface]() |
Connect the FortiAP unit. Go to WiFi Controller > Managed FortiAPs. |
![fap-discover]() |
When the FortiAP is listed, select and authorize it. |
![fap-authorize]() |
Go to WiFi Controller > FortiAP Profiles and edit the profile.
This example used a FortiAP-221C, so the FAP221C-default profile applies.
For each radio:
- Enable Radio Resource Provision.
- Select your SSID.
|
![fap-profile]() |
6. Create the security policy
|
Go to Policy & Objects > IPv4 Policy and add a policy that allows WiFi users to access the Internet. |
![internet-policy]() |
Results
|
Connect to the example-staff network and browse Internet sites.
Go to Monitor > Client Monitor to see that clients connect and authenticate.
|
![client-monitor]() |
The post WiFi RADIUS authentication with FortiAuthenticator appeared first on Fortinet Cookbook.