Fortinet 233 FortiWeb 5.0 Patch 6 Administration Guide
See also
Configuring RADIUS queries
Configuring NTLM queries
Configuring RADIUS queries
FortiWeb can use RADIUS queries to authenticate and authorize end-users’ HTTP requests (see
“Offloading HTTP authentication & authorization” on page 225). FortiWeb can also use RADIUS
queries to authenticate administrators’ access to the web UI or CLI (see “Grouping remote
authentication queries for administrators” on page 218).
Remote Authentication and Dial-in User Service (RADIUS) servers provide authentication,
authorization, and accounting functions. The FortiWeb authentication feature uses RADIUS user
queries to authenticate and authorize HTTP requests. (The HTTP protocol does not support
active logouts, and can only passively log out users when their connection times out. Therefore
FortiWeb does not fully support RADIUS accounting.) RADIUS authentication with realms (i.e.
the person logs in with an account such as admin@example.com) is supported.
To authenticate a user or administrator, the FortiWeb appliance sends the user’s credentials to
RADIUS for authentication. If the RADIUS server replies to the query with a signal of successful
authentication, the client is successfully authenticated with the FortiWeb appliance. If RADIUS
authentication fails or the query returns a negative result, the appliance refuses the connection.
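The exchange described above, sketched as an added example (not Fortinet code), assuming the PAP-style User-Password attribute of RFC 2865. It shows that the password is hidden only by an MD5 keystream derived from the shared secret, and that a reply counts as successful only if its authenticator verifies against that secret. The function names, the sample secret and the simulated server reply are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Obscure User-Password: XOR each 16-byte block with an MD5 keystream."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def attr(kind: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    return bytes([kind, len(value) + 2]) + value

def build_access_request(ident, user, password, secret, req_auth=None):
    """Return (packet, request_authenticator) for one login attempt."""
    req_auth = req_auth or os.urandom(16)
    attrs = attr(USER_NAME, user.encode()) + attr(
        USER_PASSWORD, hide_password(password.encode(), secret, req_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + req_auth + attrs, req_auth

def make_reply(code, ident, req_auth, secret, attrs=b""):
    """Simulated server side (constructed): sign the reply with the shared secret."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def is_authentic_accept(reply, ident, req_auth, secret) -> bool:
    """Accept only a correctly signed Access-Accept that answers our request."""
    if len(reply) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length != len(reply):
        return False
    want = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(want, reply[4:20]) and code == ACCESS_ACCEPT

if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # sample value, not a real secret
    pkt, ra = build_access_request(7, "admin@example.com", "s3cr3t!", secret)
    print(is_authentic_accept(make_reply(ACCESS_ACCEPT, 7, ra, secret), 7, ra, secret))
    print(is_authentic_accept(make_reply(ACCESS_ACCEPT, 7, ra, b"wrong"), 7, ra, secret))
```

Because both the password hiding and the reply check depend entirely on the shared secret, a weak or reused secret undermines every query that uses it.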
If this query will be used to authenticate administrators, and your RADIUS server is slow to
answer, you may need to adjust the authentication timeout setting to prevent the query from
failing. See the FortiWeb CLI Reference. (For end-user queries, configure Connection Timeout
instead.)
To configure a RADIUS query
1. Before configuring the query, if you will configure a secure connection, you must upload the
certificate of the CA that signed the RADIUS server’s certificate. For details, see “Uploading
trusted CAs’ certificates” on page 280.
2. Go to User > Remote Server > RADIUS Server.
To access this part of the web UI, your administrator's account access profile must have
Read and Write permission to items in the Auth Users category. For details, see
“Permissions” on page 47.
3. Click Create New.
A dialog appears.
If you use a RADIUS query for administrators, separate it from the queries for regular users. Do
not combine administrator and user queries into a single entry. Failure to separate queries
will allow end-users to have administrative access to the FortiWeb web UI and CLI.