VPN – Fortinet FortiGate
In this topic, you will learn how to configure Fortinet FortiGate to work together with Portnox™ Cloud and 802.1X RADIUS authentication for VPN connections.
Warning: This topic contains documentation prepared by our support agents more than 12 months ago. It
may not cover the newest models or the newest interfaces of NAS devices. We’re working on bringing you updated documentation
for NAS devices in the near future. However, the methods of setting up third-party devices may still change when the
manufacturers update their firmware or release new models. Therefore, to get the most accurate and current configuration
guidance, we strongly recommend that you refer to the documentation provided by the manufacturer. If you need help setting
up newer equipment that does not match the description in this topic, contact us at
support@portnox.com.
Configure FortiGate devices using the web interface
In this section, you will learn how to configure FortiGate devices using the web interface.
- In the Fortinet web interface, navigate to  to create a new RADIUS Server and enter your cloud RADIUS IP address. Then, click on OK.
- In the top-right corner of the screen, click on >_ to enter the CLI.
- In the CLI, change the authentication port to the relevant port used by your cloud RADIUS and enter the secret for your cloud RADIUS:

    config system global
        set radius-port your_authentication_port
    end

- In , create a new group.
- Under Remote Groups, add the relevant RADIUS server.
- Under , create a new Rule.
- Edit that relevant rule and add VPN_Group under Source.
Configure FortiGate devices using the console
In this section, you will learn how to configure FortiGate devices using the console.
Important: All values in this configuration are examples. Make sure to adjust the configuration to your
individual profile names, RADIUS server addresses, ports, and keys by replacing the values that are presented as
underlined italics.
Note: This configuration was tested on a Fortinet FortiGate 60E series firewall but it applies to most other Fortinet
FortiGate devices as well.
- Add the first Portnox Cloud RADIUS server to the configuration as entry 1.
Note: This sample server uses the following example parameters:
- IP: 20.119.69.248
- Authentication port: 10322
- Accounting port: 10323
- Shared secret: rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
Remember to adjust these values to your configuration.

    config user radius
        edit "Portnox Cloud US"
            set server 20.119.69.248
            set secret rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
            set radius-port 10322
            config accounting-server
                edit 1
                    set status enable
                    set server 20.119.69.248
                    set secret rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
                    set port 10323
                next
            end
        next
    end

- Optional: Add the second Portnox Cloud RADIUS server to the configuration as entry 2.
Note: This sample server uses the following example parameters:
- IP: 52.232.122.157
- Authentication port: 10476
- Accounting port: 10477
- Shared secret: fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
Remember to adjust these values to your configuration.

    config user radius
        edit "Portnox Cloud EU"
            set server 52.232.122.157
            set secret fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
            set radius-port 10476
            config accounting-server
                edit 2
                    set status enable
                    set server 52.232.122.157
                    set secret fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
                    set port 10477
                next
            end
        next
    end
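
The note above says that every value in these blocks is an example to be replaced. The following check is an added example, not Portnox or Fortinet code: it parses a `config user radius` script (one command per line, secrets in plain text) before it is pasted into the console and reports any secret copied from this page. The names `parse_radius` and `audit`, and the rule that flags a missing explicit port, are this example's own assumptions.

```python
import re

# Sample shared secrets printed on this page; they must never reach a live device.
DOC_SAMPLE_SECRETS = {"rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1", "fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt"}

def parse_radius(text):
    """Return {server name: {"auth": {...}, "acct": [{...}]}} from a FortiOS CLI script."""
    servers, stack, cur, acct = {}, [], None, None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end":
            stack = stack[:-1]
        elif tok[0] == "edit" and len(tok) > 1 and stack == ["user radius"]:
            cur = servers.setdefault(tok[1], {"auth": {}, "acct": []})
        elif tok[0] == "edit" and cur is not None and stack[-1:] == ["accounting-server"]:
            acct = {}
            cur["acct"].append(acct)
        elif tok[0] == "next":  # closes an accounting entry (depth 2) or a server entry (depth 1)
            acct, cur = (None, cur) if len(stack) > 1 else (None, None)
        elif tok[0] == "set" and len(tok) > 2 and cur is not None:
            (acct if acct is not None else cur["auth"])[tok[1]] = " ".join(tok[2:])
    return servers

def audit(text):
    """List findings: reused documentation secrets and ports left implicit (example policy)."""
    findings = []
    for name, srv in parse_radius(text).items():
        blocks = [("auth", srv["auth"], "radius-port")]
        blocks += [(f"accounting {i}", a, "port") for i, a in enumerate(srv["acct"], 1)]
        for label, cfg, port_key in blocks:
            if cfg.get("secret") in DOC_SAMPLE_SECRETS:
                findings.append(f"{name}/{label}: documentation sample secret")
            if port_key not in cfg:
                findings.append(f"{name}/{label}: no explicit {port_key}")
    return findings

# Constructed input (192.0.2.10 is a documentation-range address, not a Portnox server).
SAMPLE = "\n".join([
    'config user radius', 'edit "Lab RADIUS"', 'set server 192.0.2.10',
    'set secret rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1',
    'config accounting-server', 'edit 1', 'set secret constructed-secret-01',
    'set port 10323', 'next', 'end', 'next', 'end',
])
print(*audit(SAMPLE), sep="\n")
```

A configuration backup taken from the device stores secrets in encrypted form, so this check is meant for the script or template you prepare before applying it.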