How to Configure Wireless Radius Server authentication on FortiGate Firewall (FortiAP) with Windows

Captions
All right, welcome to my channel. In this video I'll walk you through how you can configure FortiGate to authenticate with the RADIUS server so that your users on your FortiAPs can be able to utilize that. So apparently users will be able to authenticate with their username and password instead of this traditional pre-shared key.

I have my FortiGate here installed. I have my Windows Server 2016, and on it is configured the Network Policy Server. So the first thing I want to do is to configure the Network Policy Server. Come here and you click on the Network Policy Server. If this has not been installed on your Windows Server, you can install it in Roles and Features, Add Roles and Features. So, yeah, Network Policy Server.

Okay, then the first thing, you want to register our FortiGate. So go to RADIUS Clients, then click New. Enter a friendly name, which is FortiGate. Then the IP address should be the IP address of your FortiGate, the local LAN gateway for your end users, which is 192, mine is 191101, can verify, yeah. Okay.

So now we've registered it on our Network Policy Server. What we want to do is to go to FortiGate and just register our RADIUS server also on the FortiGate side of it. Then you come to Users, RADIUS Servers. Okay, I've already inserted this here. The name of the RADIUS server, you can give it any name, let's say RADIUS server. All this doesn't really matter. Then the IP address of the server is this. Then okay.

Let's go back here. Sorry, we need to do something here. So on this connection request policy, you come to Connection Request Policies, right-click, then select New. Give it a name, Wireless. Click Next. Add this to it. Let's select the client's IP address, which is, yeah, let's select Client IPv4 Address, which is the IP address of the client, that's FortiGate, 192.168.1 one. Okay, then let's add. Okay, select OK. Select Next. Authentication, let's select Next. Use this, and we are selecting the EAP as Microsoft Protected EAP, that's PEAP. Make sure these are checked. Next, then Next, then you finish.

So here we want to go back to the RADIUS client that we first configured. We need to give this a crucial key that is going to be identical between the RADIUS server and the FortiGate client. Just give it any secret key that you can easily remember. Then tiger, Apply, then OK.

So we are done with the RADIUS client. Then the connection request policy, we have this. Let's move it up, the one we initially connected. So we are done with this aspect.

Then the other one is the network policy that we need to set. Click New, then give it a friendly name, WiFi. Next. Let's add a condition. We are selecting Windows Groups. Windows Groups means that as soon as our users log on to the domain, you can be able to use their username and password to authenticate. Let's add this. Let's add a group. I've already created a group in Active Directory Users and Computers. I have a group called WiFi that I've already configured there, and I added users to it. So this is the group I'm going to use at the NPS level. I'm adding this here, which is WiFi. Check Names, OK, OK.

I also want to add one more, which is User Groups, which means that if anybody is not on the domain but I want to have their users and all that, they can probably use the username and password and also add the domain to it, which I'm going to show you here. So Add, Add Groups, select the same group that was selected earlier. Oh no, back. Okay, yes, okay. So we have this selected. Click Next. Access granted. Click Next. We want to select the EAP as Microsoft Protected EAP, PEAP. Then have all of this also unchecked. I just want the Microsoft Encrypted Authentication version 2 only. Then Next. Also click Next. On Vendor Specific, I would like to also add a vendor-specific Wi-Fi, like I'm creating the same group that I used here on FortiGate, but I want to select it as a vendor-specific. So I add it here. I add the attribute value as Wi-Fi. I'm still going to show you there. Okay, okay. Next, OK, Close, Next, then Finish.

So on the part of this RADIUS server setting up for FortiGate, I'm quite done with that, so I'm going straight to FortiGate. We left here so that we can also configure our shared secret on the NPS. So the shared secret that we implemented on NPS, we are going to type it here also, which is, yeah, okay. You see, we have to test connectivity, and we have that it is successful. Then click OK.

So the next thing you want to do is to create our SSID. Come to SSID, then create a new SSID. Call it anything, could call it radius SSID. I'm leaving this as tunnel mode because I want this to have its own IP address and also serve as the DHCP server to the connecting client. So I'm putting 192.168 2211 /24. Okay. Act as DHCP, yes, so when anybody's connecting, this gives it the IP address and all that. So here the SSID that you want to distribute is radius SSID. Okay, then choose Enterprise, WPA2 Enterprise. Then you have to select the RADIUS server, and the RADIUS server is what was configured there at User & Device. Then OK. So I think at this level I'm done here, so click OK.

So the next thing you want to do is to add this SSID to your AP. For instance, you might have more than one AP in your environment, and because you configured it doesn't mean they will automatically be added there. So what you do is that you want to add them to the AP. I have like four access points, so I want to add this to each of the access points that I have in my environment. So I'm adding this to Sales, this Sales one that's already been configured. If you check here, we have two SSIDs that have been added already. So I add my own also, the one I'm configuring now, to it, which is radius SSID. Then click OK. I also want to add it to the other three FortiAPs in my environment. Okay, then add it to this one as well. Click OK.

Then the next thing you want to do after all this is to create a user group here. So here I'm creating a user group, at User Groups, Create New. Name it Wi-Fi. Then in this remote group, add your RADIUS server, which is this, then the group as Any. Okay, so you click OK. Sorry, at this level of creating your SSID you have to add the group there. Yeah, just go back. SSID, radius server, where are you? This? No. This RADIUS server? No, no, no. This is it. Then, yeah, under Authentication here we have RADIUS server. Okay, okay, okay, nothing yet. So this is fine.

Okay, so go to Policy & Objects. Under Policy, create a new policy for your RADIUS server, then name it Wi-Fi radius. The incoming interface will be the interface of the one you just created, which is this. So the tunnel SSID automatically becomes an interface on your FortiGate, because it is a tunnel and it's a network on its own, so it's not bridged to the network. So you select this tunnel. Then the outgoing interface is your WAN interface. Then Source, you can select all. Destination, select all. Then Services, select all. Under this source as well, you have to select the group you just created, which is Wi-Fi, this Wi-Fi group you just created. You have to select it because it has to be the source for all your clients, all your users that are connecting via this. So every other thing is set, just select OK. I want to drag this from the bottom to the top so that it should take precedence over every other firewall policy that I have.

So the next thing for me to do is to connect to my Wi-Fi. Under my Wi-Fi, the radius SSID that was configured is now visible in my environment. Then connect. Here you want to add your domain and your username, which is tiger, sorry. Okay, wait, I'm having an issue connecting. Let me see where I'm having the issue. It has to be on the NPS level. So, yes, okay, sorry, let me move this to the top. Move up. Let me check again. Let me verify that I have everything connected. Yeah, everything is set. Okay, let's try it again. Yeah, it works. So now I have to type in my username and password. This works. As you can see, I'm connected to the radius SSID. For me to continue browsing, I have to enter the username and password that's in the RADIUS again. Yeah, so here I don't need to include the tiger logic, the domain. I can just go ahead and type in the username and the password, and I'm good. So you can see I can browse with this and check my mails, Gmail. Thank you.
Info
Channel: CybowPoint
Views: 13,229
Keywords: radius, wireless, authentication, nps, windows server, FortiAP, configure, Fortigate, firewall, Fortinet
Id: jdkIvw1tohc
Length: 17min 27sec (1047 seconds)
Published: Tue Jul 05 2022