Fortinet 233 FortiWeb 5.0 Patch 6 Administration Guide
See also
•Configuring RADIUS queries
•Configuring NTLM queries
Configuring RADIUS queriesFortiWeb can use RADIUS queries to authenticate and authorize end-users’ HTTP requests (see
“Offloading HTTP authentication & authorization” on page 225). FortiWeb can also use RADIUS
queries to authenticate administrators’ access to the web UI or CLI (see “Group ing remote
authentication queries for administrators” on page 218).
Remote Authentication and Dial-in User Service (RADIUS) servers provide authentication,
authorization, and accounting functions. The FortiWeb authentication feature uses RADIUS user
queries to authenticate and authorize HTTP requests. (The HTTP protocol does not support
active logouts, and can only passively log out users when their connection times out. Therefore
FortiWeb does not fully support RADIUS accounting.) RADIUS authentication with realms (i.e.
the person logs in with an account such as admin@example.com) are supported.
To authenticate a user or administrator, the FortiWeb appliance sends the user’s credentials to
RADIUS for authentication. If the RADIUS server replies to the query with a signal of successful
authentication, the client is successfully authenticated with the FortiWeb appliance. If RADIUS
authentication fails or the query returns a negative result, the appliance refuses the connection.
If this query will be used to authenticate administrators, and your RADIUS server is slow to
answer, you may need to adjust the authentication timeout setting to prevent the query from
failing. See the FortiWeb CLI Reference. (For end-user queries, configure Connection Timeout
instead.)
To configure a RADIUS query
1. Before configuring the query, if you will configure a secure connection, you must upload the
certificate of the CA that signed the RADIUS server’s certificate. For details, see “Uploading
trusted CAs’ certificates” on page 280.
2. Go to User > Remote Server > RADIUS Server.
To access this part of the web UI, your administrator's account access profile must have
Read and Write permission to items in the Auth Users category. For details, see
“Permissions” on page 47.
3. Click Create New.
A dialog appears.
If you use a RADIUS query for administrators, separate it from the queries for regular users. Do
not combine administrator and user queries into a single entry. Failure to separate queries
will allow end-users to have administrative access the FortiWeb web UI and CLI.