Fortigate as a Radius Client

Author
Daryaya
2020/09/29 10:14:20

Hi,
 
If there is an external firewall between the Radius server (which is outside my network) and my Fortigate as the radius client, then I need to have a rule on the external firewall to allow RADIUS traffic from my Fortigate firewall. So the source address on the rule should be the address of the RADIUS client, which is my Fortigate. My question is: what address do I have to use? Would it be the outside interface of my Fortigate?
#1

    emnoc
    Re: Fortigate as a Radius Client 2020/09/29 12:11:50
    Most likely yes. You can do a diag sniffer packet any "port 1812" for example to see the src.ip 
     
    Ken Felix

    PCNSE 
    NSE 
    StrongSwan  
    #2
    journeyman
    Re: Fortigate as a Radius Client 2020/10/08 23:49:10
    In general, outgoing services from a FGT default to the outgoing interface IP.
    For many of these services the IP can be changed (e.g. to a loopback IP). This can be done for ntp, snmp, syslog at least.
    This looks to be applicable to radius as well:
    config user radius
        edit test
            set source-ip 1.1.1.1
        next
    end
    I'm not sure if this is the correct radius configuration for what you are doing but this may suit your needs.
    #3
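
Added example (not from any poster in this thread): a small Python helper that reads the output of the sniffer command suggested in reply #2 and reports which source IP the FortiGate actually puts on its RADIUS requests, which is the address the external firewall rule has to allow, and which changes if source-ip from reply #3 is set. The sample capture is constructed, and the line layout (optional interface and in/out columns, then src.port -> dst.port) is an assumption about the sniffer's text output.

```python
import re
from collections import Counter

# Constructed sample of sniffer output for filter "port 1812".
# Assumed layout: <time> [<interface> <in|out>] <src>.<sport> -> <dst>.<dport>: udp <len>
SAMPLE = """\
interfaces=[any]
filters=[port 1812]
1.204511 wan1 out 203.0.113.10.10254 -> 198.51.100.20.1812: udp 96
1.231876 wan1 in 198.51.100.20.1812 -> 203.0.113.10.10254: udp 40
5.802113 wan1 out 203.0.113.10.10255 -> 198.51.100.20.1812: udp 96
"""

LINE = re.compile(
    r"^\s*[\d.]+\s+"
    r"(?:(?P<iface>\S+)\s+(?P<dir>in|out)\s+)?"   # only present at higher verbosity
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+udp\b"
)


def radius_request_sources(text, port=1812):
    """Count (interface, source IP, server IP) for requests sent to `port`.

    Replies from the server (source port == `port`) and packets marked "in"
    are skipped, so only traffic originated by the RADIUS client is counted.
    """
    seen = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or int(m["dport"]) != port or m["dir"] == "in":
            continue
        seen[(m["iface"], m["src"], m["dst"])] += 1
    return seen


def firewall_rule_sources(text, port=1812):
    """Sorted source IPs the upstream firewall rule has to permit."""
    return sorted({src for _, src, _ in radius_request_sources(text, port)})


if __name__ == "__main__":
    for (iface, src, dst), n in radius_request_sources(SAMPLE).items():
        print(f"{n} request(s) left {iface or 'any'} from {src} to {dst}:1812")
    print("allow on external firewall:", firewall_rule_sources(SAMPLE))
```

If a NAT device sits between the FortiGate and the external firewall, the rule has to match the translated address rather than the one printed here.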