FortiGate Firewall - Configure RADIUS Authentication Manager Using SSL VPN - RSA Ready Implementation Guide
a year ago

This section describes how to integrate FortiGate Remote Access SSL VPN with RSA Authentication Manager using RADIUS.

Configure RSA Authentication Manager

Perform these steps to configure RSA Authentication Manager.

Procedure

  1. Log in to the RSA Authentication Manager.
  2. Go to Security Console > RADIUS > RADIUS Clients, and click Add New.
  3. In the Model section, select Fortinet.

Note: The Model section can remain set to Standard RADIUS if Fortinet RADIUS attributes are not required. However, if these attributes are needed, set the model to Fortinet to enable their use in the RADIUS profile later. 

  4. Click Save & Create Associated RSA Agent > Save > Yes, Save Agent.

Configuration is complete.

Configure FortiGate Access SSL VPN using RADIUS

Perform these steps to configure RSA Authentication Manager Service using RADIUS.

Procedure

  1. In the FortiGate Admin UI, go to Users & Authentication > RADIUS Servers > New.
  2. Enter the IP address of the RSA Authentication Manager or, if you are using Cloud Authentication, the RSA Identity Router management IP address, and enter the shared secret.

 Note: You can enter up to three servers if you have replicas or three identity routers. The second server can be configured through the GUI; the tertiary server must be configured from the CLI only. Configure a tertiary server in the following format, replacing the example address and secret with your own values.

    FEIRDUFG02 # config user radius
    FEIRDUFG02 (radius) # edit RSA-AM
    FEIRDUFG02 (RSA-AM) # set tertiary-server 10.65.65.50
    FEIRDUFG02 (RSA-AM) # set tertiary-secret support1!
    FEIRDUFG02 (RSA-AM) # end

  3. Go to VPN > SSL VPN Settings.
  4. In the Authentication/Portal Mapping, select the User Groups configured for RSA Authentication Manager or RSA Cloud Authentication Service.
  5. Map the required portal (Full Access/Web Access/Tunnel Access) to the RSA User group to authenticate the user against RSA Server using RADIUS.
  6. For the SSL VPN access policy, go to Policy & Objects, and select the IPv4 Policy for the SSL VPN.
  7. Configure the Source User to be the RSA User Group.

Notes:

  • Refer to this section to configure the RADIUS Timeout.
  • Refer to this section for the RADIUS return attributes.

Configuration is complete.
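
A check that can be run against a saved FortiGate configuration after the portal-mapping steps above, as an added example that is not part of the original guide: it parses the config/edit/set syntax and lists every SSL VPN portal mapping whose user group contains members other than the RADIUS server entry, since such members would not authenticate against the RSA server. RSA-AM is the RADIUS server name from the CLI example above; the group names, the local user jdoe and the sample configuration are constructed assumptions.

```python
import shlex

# Constructed FortiOS excerpt, not from the guide; group and user names are assumptions.
SAMPLE = """
config user group
    edit "RSA-Users"
        set member "RSA-AM"
    next
    edit "Staff-Local"
        set member "RSA-AM" "jdoe"
    next
end
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "RSA-Users"
            set portal "full-access"
        next
        edit 2
            set groups "Staff-Local"
            set portal "web-access"
        next
    end
end
"""


def parse(text):
    """Turn nested config/edit/set lines into nested dicts keyed by block name."""
    root = {}
    stack = [root]
    for line in text.splitlines():
        tok = shlex.split(line) or [""]  # blank lines become a no-op token
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] in ("next", "end"):
            stack.pop()
        elif tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
    return root


def non_radius_mappings(cfg, radius_server):
    """List (rule id, group, members) for mappings not backed solely by radius_server."""
    groups = cfg.get("user group", {})
    rules = cfg.get("vpn ssl settings", {}).get("authentication-rule", {})
    return [(rule_id, name, groups.get(name, {}).get("member", []))
            for rule_id, rule in rules.items() for name in rule.get("groups", [])
            if groups.get(name, {}).get("member", []) != [radius_server]]
```

Calling non_radius_mappings(parse(SAMPLE), "RSA-AM") on the constructed sample reports rule 2, whose group also contains the local user jdoe; an empty list means every mapped group relies only on the RADIUS server.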
