Create a group that matches the WiFi RADIUS attribute. Configuring a user group on the FortiGate Optionally, you can click Test Connectivity. Enter the Domain Controller IP address and the Server Secret that you entered on NPS. On the FortiGate, go to User & Device > RADIUS Servers. Configuring FortiGate to use the RADIUS server Click on Configure Attribute and a new window pops up, on Vendor-assigned attribute number enter 1, on Attribute format select String, and in Attribute value enter WiFi and select OK.Ĥ. On Attribute Information window, click Add, type 12356 next to Enter Vendor Code, next select Yes. In Settings tab, go to RADIUS Attributes > Vendor Specific, then click Add, select Custom under Vendor and Vendor Specific under Attributes select Add. Next select Microsoft Encrypted Authentication version 2 (MS-CHAP-v2), and finally select User can change password after it has expired and select OK. In Constraints tab, under Authentication Methods, click Add, then select Microsoft: Protected EAP (PEAP) then OK. Finally Add Groups, then enter WiFiAccess, and select OK. In Conditions tab, click on Add, select Windows Group, then select Add. Right click Network Policies under Policies and select New to create a new policy. Under Conditions tab, enter Client IPv4 Address as the FortiGate’s IP address. Leave default values for Overview and Settings tab. Right click Connection Request Policies under Policies and select New. Registering the FortiGate as a RADIUS client on NPSįrom the NPS, right click on RADIUS Clients, and create an entry for the FortiGate. To learn more about it, see WiFi with WSSO using Windows NPS and FortiGate Groupsġ. There is an alternative way to setup WiFi with WSSO. The Network Policy Server (NPS) or RADIUS server performs user authentication and passes the WiFi group attribute to the FortiGate so that the appropriate security policy is applied. They belong to a Windows Active Directory (AD) group called WiFiAccess. This is an example of wireless single sign-on (WSSO) with a FortiGate.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |