
Fortinet FortiWAN - RADIUS Authentication

Fortinet FortiWAN
311 pages
System Configurations Administration
MIB Field | OID | Description
fwnEventMonitorAccountAdded | 1.3.6.1.4.1.12356.118.3.1.1.5 | Send event notification when an account is added into Monitor group.
fwnEventMonitorAccountRemoved | 1.3.6.1.4.1.12356.118.3.1.1.6 | Send event notification when an account is removed from Monitor group.
RADIUS Authentication
In addition to the local authentication database described above, FortiWAN supports RADIUS authentication for
Web UI login. Please make sure the following settings are complete on the RADIUS server working with FortiWAN.
Add Fortinet's Vendor-Specific Attribute (VSA) to /etc/raddb/dictionary:
VENDOR Fortinet 12356
BEGIN-VENDOR Fortinet
...
ATTRIBUTE Fortinet-FWN-AVPair 26 string
...
END-VENDOR Fortinet
"12356" is Fortinet's vendor ID, "Fortinet-FWN-AVPair" is the attribute used for working with FortiWAN, and "26"
is the attribute ID. If the RADIUS server also serves other Fortinet products, please add the corresponding attributes
between BEGIN-VENDOR Fortinet and END-VENDOR Fortinet.
Construct the user database on the RADIUS server for authentication. For example, suppose the accounts "Administrator/1234"
and "admin/(null)" belong to the Administrator group, and "Monitor/5678" belongs to the Monitor group.
Add the following to /etc/raddb/users:
Administrator User-Password := "1234"
    Fortinet-FWN-AVPair := "user-group=Administrator"
admin User-Password := ""
    Fortinet-FWN-AVPair := "user-group=Administrator"
Monitor User-Password := "5678"
    Fortinet-FWN-AVPair := "user-group=Monitor"
Please make sure "user-group" is specified for every account; otherwise FortiWAN denies the login even if the account and
password are authorized by the RADIUS server.
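A lint check for the requirement above, as an added example that is not part of the FortiWAN handbook: it parses users-file text in the layout shown on this page and reports accounts that have no "user-group" value (which FortiWAN would deny), name a group other than the two on this page, or have an empty password. The function names, the sample entries "helpdesk" and "auditor", and treating any other group name as a finding are assumptions.

```python
import re

# Constructed sample in the /etc/raddb/users layout shown on this page; the
# last two entries are made up to trigger the checks.
SAMPLE_USERS = '''\
Administrator User-Password := "1234"
    Fortinet-FWN-AVPair := "user-group=Administrator"
admin User-Password := ""
    Fortinet-FWN-AVPair := "user-group=Administrator"
Monitor User-Password := "5678"
    Fortinet-FWN-AVPair := "user-group=Monitor"
# constructed: no Fortinet-FWN-AVPair at all
helpdesk User-Password := "constructed-example-1"
auditor User-Password := "constructed-example-2"
    Fortinet-FWN-AVPair := "user-group=Auditors"
'''

KNOWN_GROUPS = {"Administrator", "Monitor"}  # the groups this page names
ITEM = re.compile(r'([\w-]+)\s*(?::=|==|\+=|=)\s*"([^"]*)"')

def parse_users(text):
    """Return {account: {attribute: value}}; indented lines extend an entry."""
    accounts, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        line = raw
        if not raw[0].isspace():  # an unindented line starts a new account
            name, *rest = raw.split(None, 1)
            line = rest[0] if rest else ""
            current = accounts.setdefault(name, {})
        if current is not None:
            current.update(ITEM.findall(line))
    return accounts

def audit(accounts):
    """Return {account: [findings]} for entries that need attention."""
    findings = {}
    for name, attrs in accounts.items():
        issues = []
        key, _, group = attrs.get("Fortinet-FWN-AVPair", "").partition("=")
        if key != "user-group" or not group:
            issues.append("no user-group: FortiWAN denies the login")
        elif group not in KNOWN_GROUPS:  # assumption: only these two are valid
            issues.append(f"unrecognised user-group {group!r}")
        if attrs.get("User-Password") == "":
            issues.append("empty password")
        if issues:
            findings[name] = issues
    return findings
```

To check a real file, pass its contents to parse_users() and print what audit() returns.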
To enable FortiWAN's RADIUS authentication, please click the checkbox and complete the configuration below.
Priority: Determines the order in which the two authentication methods are tried:
    RADIUS, Local Database: Authorize a login via RADIUS first, then try the local database if authentication fails in RADIUS.
    Local Database, RADIUS: Authorize a login via the local database first, then try RADIUS if authentication fails in the local database.
108 FortiWAN Handbook
Fortinet Technologies Inc.
