Home Knowledge Base SecureW2 Documentation FortiGate AP – Integration Guide

FortiGate AP – Integration Guide

Introduction

A FortiGate is an industry-leading Next Generation Firewall and a versatile security/networking appliance, featuring a fully capable Wi-Fi controller. SecureW2’s CloudRADIUS is a powerful cloud-based solution for WiFi and VPN authentication, offering robust security and streamlined management. Integrating FortiGate with SecureW2 CloudRADIUS significantly enhances the user experience by simplifying deployment and fortifying infrastructure security. This guide provides detailed steps on how to integrate both products.

Prerequisites

The following are the prerequisites to integrate the JoinNow CloudRADIUS server with FortiGate:

  1. Active subscription to the JoinNow Management Portal and CloudRADIUS.
  2. Active subscription with FortiGate.

Configuring RADIUS Servers in FortiGate

This section describes the steps to integrate the CloudRADIUS server with FortiGate for WiFi authentication.

To set up a CloudRADIUS server:

  1. Log in to FortiGate.
  2. Navigate to WiFi & Switch Controller > SSIDs.
  3. From the Create New drop-down menu, select SSID.
  4. On the Create New SSID screen, in the Name field, enter the name of the SSID.
  5. Under WiFi Settings, in the Security Mode Settings section, from the Security mode drop-down list, select WPA2 Enterprise.
  6. In the Authentication field, enable the RADIUS Server option.
  7. From the drop-down list, click Create.
  8. On the New RADIUS Server screen, in the Name field, enter the name of the RADIUS server.
  9. Log in to the JoinNow Management Portal, and navigate to RADIUS > RADIUS Configuration.
  10. Copy the Primary IP Address, Secondary IP Address, and Shared Secret values from Global-1 to your console.
  11. In the Primary Server section, enter the Primary IP Address and Shared Secret values, obtained from Global-1 (in the JoinNow Management Portal), in the IP/Name and Secret fields respectively.
  12. In the Secondary Server section, enter the Secondary IP Address and Shared Secret values, obtained from Global-1 (in the JoinNow Management Portal), in the IP/Name and Secret fields respectively.
  13. If the customer has a subscription for Global -2 EA, the Primary IP Address or the Secondary IP Address, and Shared Secret values (in the JoinNow Management Portal) can be used to configure the Secondary Server in the FortiGate Controller for higher availability.
  14. Click OK.
  15. The FortiGate controller’s default RADIUS port number is 1812. CloudRADIUS assigns each Customer a unique port number which can be obtained from the JoinNow Management portal under RADIUS > RADIUS Configuration > Authentication Port. This port number should be configured in the FortiGate Controller to change the default port number.
  16. To modify the default RADIUS port on the FortiGate controller with the CloudRADIUS port number, use the Command-Line Interface (CLI) to change the RADIUS port number on your FortiGate. Run the following command:
    config system global set radius-port <port number> end
    NOTE: Configuring the CloudRADIUS port number on the FortiGate controller is a global change.
  17. From the Authentication drop-down list, select the RADIUS server created earlier.
  18. Click OK.

With the above successful configuration, the setup is ready for RADIUS authentication. The RADIUS authentication requests from the devices are logged on the RADIUS Events section of the JoinNow Management Portal. To access the RADIUS Events page, log in to the JoinNow Management Portal and navigate to Data and Monitoring > RADIUS Events.