Fortinet FortiGate - RADIUS Configuration - RSA Ready Implementation Guide
a year ago

This section describes how to integrate FortiGate with RSA Authentication Manager using RADIUS.

Configure RSA Authentication Manager 

Perform these steps to configure RSA Authentication Manager using RADIUS.

Procedure

  1. Sign in to the Security Console.
  2. Go to RADIUS > RADIUS Servers and note the IP address of the selected RADIUS server. This address is used later in the FortiGate configuration.
  3. Navigate to RADIUS > RADIUS Clients > Add New.
  4. On the Add RADIUS Client page, enter the following details:
    • Client Name: Enter a descriptive name for the RADIUS client.
    • IPv4 Address: Enter the IP address of the RADIUS client (FortiGate).
    • Make / Model: Select Standard Radius from the drop-down menu.
    • Shared Secret: Create and enter a secure shared secret. This secret secures communication between the RADIUS client and the RADIUS server, and the same shared secret is used in the FortiGate configuration.
  5. Click Save & Create Associated RSA Agent.
  6. On the Add New Authentication Agent page, click Save, then confirm by clicking Yes, Save Agent.

Notes

  • RSA Authentication Manager RADIUS server listens on ports UDP 1645 and UDP 1812.
  • The relationship of agent host record to RADIUS client in Authentication Manager can be 1 to 1, 1 to many, or 1 to all (global).
  • The Shared Secret must be an alphanumeric string between 1 and 31 characters in length and is case-sensitive.

Configure FortiGate

Perform these steps to configure FortiGate as a RADIUS client to RSA Authentication Manager.

Procedure

  1. On the Fortinet FortiGate web interface, from the left pane, navigate to User & Authentication > RADIUS Servers.
  2. Create a new RADIUS server and choose the authentication method from the drop-down list.
  3. In the Primary Server section, fill in the IP address of the RSA Authentication Manager RADIUS server and the Secret as configured in RSA. Then click OK.

Configuration complete.

Use Case

  1. In the RSA Authentication Manager Security Console, add a software token profile by navigating to Authentication > Soft Token Profiles > Add New. For more information on Soft Token Profiles and how to create them, visit this article.
  2. Create a test user in the Internal Database of RSA Authentication Manager. Navigate to Identity > Users > Add New.
  3. Assign and distribute the software token to the user created in the previous step for testing. For more information on distributing software tokens, visit this article.
  4. Import the token into the RSA software desktop application.
  5. On the FortiGate page, navigate to User & Authentication > User Definition and click the + Create New button to open the Users/Groups Creation Wizard.
  6. Import the new user to the RSA RADIUS Server created earlier by choosing it from the RADIUS Server drop-down.
  7. Add the user to the relevant User Group and click Submit.
  8. Navigate to User & Authentication > RADIUS Servers and test the user credentials by clicking the [Test User Credentials] button.
