VPN – Fortinet FortiGate

In this topic, you will learn how to configure Fortinet FortiGate to work together with Portnox™ Cloud and 802.1X RADIUS authentication for VPN connections.

Important: This guide provides general instructions for integrating Portnox Cloud with specific third-party devices. While we aim to provide helpful examples for commonly used models, configurations may vary across manufacturers, models, and environments. As a result, we cannot guarantee that these steps will work in every scenario. For questions or issues related to RADIUS setup – which is an industry standard and not specific to Portnox – or device-specific settings and troubleshooting, we recommend consulting the device manufacturer’s documentation and contacting their support team. While Portnox Support is happy to assist where possible, please note that detailed configuration of third-party devices is typically best handled by the manufacturer.
Warning: This topic contains documentation prepared by our support agents more than 12 months ago. It may not cover the newest models or the newest interfaces of NAS devices. We’re working on bringing you updated documentation for NAS devices in the near future. However, the methods of setting up third-party devices may still change when the manufacturers update their firmware or release new models.

Configure FortiGate devices using the web interface

In this section, you will learn how to configure FortiGate devices using the web interface.

  1. In the Fortinet web interface, navigate to User & Authentication > RADIUS Servers to create a new RADIUS Server and enter your cloud RADIUS IP address. Then, click on OK.

  2. In the top-right corner of the screen, click on >_ to enter the CLI.

  3. In the CLI, change the authentication port to the relevant port used by your cloud RADIUS and enter the secret for your cloud RADIUS:
    config system global
    set radius-port your_authentication_port
    end
  4. In User & Authentication > User Groups, create a new group.
  5. Under Remote Groups, add the relevant RADIUS server.

  6. Under Policy & Objects > Firewall Policy, create a new Rule.
  7. Edit that rule and add VPN_Group under Source.

Configure FortiGate devices using the console

In this section, you will learn how to configure FortiGate devices using the console.

Important: All values in this configuration are examples. Make sure to adjust the configuration to your individual profile names, RADIUS server addresses, ports, and keys by replacing the values that are presented as underlined italics.
Note: This configuration was tested on a Fortinet FortiGate 60E series firewall but it applies to most other Fortinet FortiGate devices as well.
  1. Add the first Portnox Cloud RADIUS server to the configuration as entry 1.
    Note: This sample server uses the following example parameters:
    • IP: 20.119.69.248
    • Authentication port: 10322
    • Accounting port: 10323
    • Shared secret: rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1

    Remember to adjust these values to your configuration.

    config user radius
      edit "Portnox Cloud US"
        set server 20.119.69.248
        set secret rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
        set radius-port 10322
        config accounting-server
          edit 1
            set status enable
            set server 20.119.69.248
            set secret rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
            set port 10323
          next
        end
      next
    end
  2. Optional: Add the second Portnox Cloud RADIUS server to the configuration as entry 2.
    Note: This sample server uses the following example parameters:
    • IP: 52.232.122.157
    • Authentication port: 10476
    • Accounting port: 10477
    • Shared secret: fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt

    Remember to adjust these values to your configuration.

    config user radius
      edit "Portnox Cloud EU"
        set server 52.232.122.157
        set secret fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
        set radius-port 10476
        config accounting-server
          edit 2
            set status enable
            set server 52.232.122.157
            set secret fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
            set port 10477
          next
        end
      next
    end
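
The following check is an added example, not part of the original guide and not Portnox or Fortinet code. It parses `config user radius` text in the format shown above and flags entries that still carry the sample shared secrets printed in this guide, or an accounting server without `set status enable`. The function names, the placeholder secret, and the sample input are constructed for illustration.

```python
import shlex

# Shared secrets printed in this guide as examples; they are public,
# so they must never appear in a deployed configuration.
GUIDE_SAMPLE_SECRETS = {"rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1",
                        "fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt"}

def parse_fortios(text):
    """Turn config/edit/set/next/end lines into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tokens = shlex.split(line)          # handles quoted entry names
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        if cmd in ("config", "edit"):       # both open a nested scope
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif cmd == "set" and args:
            stack[-1][args[0]] = " ".join(args[1:])
        elif cmd in ("next", "end") and len(stack) > 1:
            stack.pop()                     # close the current scope
    return stack[0]

def audit_radius(text):
    """Return (entry, finding) tuples for the `config user radius` table."""
    findings = []
    for name, srv in parse_fortios(text).get("user radius", {}).items():
        if srv.get("secret") in GUIDE_SAMPLE_SECRETS:
            findings.append((name, "authentication secret is a guide sample"))
        for idx, acct in srv.get("accounting-server", {}).items():
            if acct.get("secret") in GUIDE_SAMPLE_SECRETS:
                findings.append((name, f"accounting {idx}: secret is a guide sample"))
            if acct.get("status") != "enable":
                findings.append((name, f"accounting {idx}: status is not enable"))
    return findings

# Constructed sample input (placeholder accounting secret, no status line).
SAMPLE = """
config user radius
  edit "Portnox Cloud US"
    set secret rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
    set radius-port 10322
    config accounting-server
      edit 1
        set secret EXAMPLE-PLACEHOLDER-SECRET
      next
    end
  next
end
"""
```

The comparison only works on configuration text where the secret is visible in plaintext, as in the snippets in this guide; a secret shown in encoded form cannot be matched this way.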