Wi-Fi employee access – Fortinet

In this topic, you will learn how to configure Fortinet wireless controllers to work together with Portnox™ Cloud and 802.1X RADIUS authentication for Wi-Fi connections.

Important: This guide provides general instructions for integrating Portnox Cloud with specific third-party devices. While we aim to provide helpful examples for commonly used models, configurations may vary across manufacturers, models, and environments. As a result, we cannot guarantee that these steps will work in every scenario. For questions or issues related to RADIUS setup – which is an industry standard and not specific to Portnox – or device-specific settings and troubleshooting, we recommend consulting the device manufacturer’s documentation and contacting their support team. While Portnox Support is happy to assist where possible, please note that detailed configuration of third-party devices is typically best handled by the manufacturer.
Warning: This topic contains documentation prepared by our support agents more than 12 months ago. It may not cover the newest models or the newest interfaces of NAS devices. We’re working on bringing you updated documentation for NAS devices in the near future. However, the methods of setting up third-party devices may still change when the manufacturers update their firmware or release new models.

FortiWLC

The following is a configuration process for the FortiWLC series of controllers, based on FortiWLC 50D with FortiOS 8.3.

  1. In the FortiOS web interface, navigate to Configuration > Security > RADIUS, and click on Add to add a RADIUS server.

    1. Specify a RADIUS Profile Name for the RADIUS server.
    2. Set the RADIUS Server Timeout to 20 seconds.
    3. Enter your cloud RADIUS details.
  2. Navigate to Configuration > Security > RADIUS, and click on Add to add a RADIUS accounting server.

    1. Specify a RADIUS Profile Name for the RADIUS accounting server.
    2. Set the RADIUS Server Timeout to 20 seconds.
    3. Enter your cloud RADIUS details.
      Note: The server IP and the secret are the same for both authentication and accounting, only ports are different.
  3. Navigate to Configuration > Security > Profile, and click on Add to add a new security profile.

    1. Specify a Security Profile Name.
    2. In Security Mode, select WPA2/CCMP-AES.
    3. In Primary RADIUS Profile Name, select the RADIUS server that you created in previous steps.
  4. Navigate to Configuration > Wireless > ESS, and click on Add to add a new ESS profile.

    1. In ESS Profile, specify a name for the ESS profile.
    2. In SSID, specify the WLAN SSID.
    3. In Security Profile, select the security profile you created in previous steps.
    4. In Primary RADIUS Accounting Server, select the RADIUS accounting server that you created in previous steps.