The previous blog describes how to enable the explicit proxy feature of the FortiGate firewall, which is not described in the article How to configure Windows NPS as a RADIUS server to help authenticate proxy clients.
Today's blog describes how to configure the process of Windows NPS as a RADIUS service used by FortiGate:
The following begins the text:
Install Windows NPS: The installation process is very simple, and the server Manager->add roles and features-> Select the Windows Network Policy Service;
to start the management interface for network Policy server: windows+r-> input nps.msc after enter;
Configure the shared Secret Template: This step is nothing to say, the most important thing is to pay attention to the security of this shared Secret, it is recommended that you use NPS's own generate function to claim a higher security shared Secret
NPS automatically generates a shared secret length of 64 bits;
Contains uppercase and lowercase letters, numbers, special symbols, etc.;
Note: Some devices or programs may not support the 64-bit length of the shared Secret, but the fortigate is perfectly supported, and everyone can rest assured.
The new template here is mainly for the convenience of adding RADIUS clients behind us;
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/57/94/wKioL1Se01qxRnS5AANAts4jeJM354.jpg "title=" screen Shot 2014-12-27 at 23.35.57.png "alt=" Wkiol1se01qxrns5aanats4jejm354.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/57/94/wKioL1Se1cfwdiPKAAPVDSE9c-E480.jpg "title=" screen Shot 2014-12-27 at 23.49.23.png "alt=" Wkiol1se1cfwdipkaapvdse9c-e480.jpg "/>
Table 1: This form is from FortiGate official documents, reference Links:
http://kb.fortinet.com/kb/viewAttachment.do?attachID=Dictionary.Fortinet.FOS.v3.0%20MR7.txt&documentID= FD30830
http://kb.fortinet.com/kb/viewAttachment.do?attachID=Dictionary.Fortinet.FOS.v400.txt&documentID=FD30830
ATTRIBUTEfortinet-group-name |
1 |
String |
ATTRIBUTEfortinet-client-ip-address |
2 |
InetAddr |
ATTRIBUTEfortinet-vdom-name |
3 |
String |
ATTRIBUTEfortinet-client-ipv6-address |
4 |
octets (Optional) |
ATTRIBUTEfortinet-interface-name |
5 |
String |
ATTRIBUTEfortinet-access-profile |
6 |
String |
The following is, for your convenience, please refer to:
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/57/96/wKiom1Se3XjxJJVrAAKLnFKi_RE096.jpg "title=" screen Shot 2014-12-28 at 00.02.48.png "alt=" Wkiom1se3xjxjjvraaklnfki_re096.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/57/94/wKioL1Se3kuSsTPPAAM3ZCuP55A516.jpg "title=" screen Shot 2014-12-28 at 00.03.01.png "alt=" Wkiol1se3kusstppaam3zcup55a516.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/57/96/wKiom1Se3byx-ZZ-AAPRQbDGqa8852.jpg "title=" screen Shot 2014-12-28 at 00.10.33.png "alt=" Wkiom1se3byx-zz-aaprqbdgqa8852.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/57/94/wKioL1Se3n7ypKujAAEWuL_6zGM242.jpg "title=" screen Shot 2014-12-28 at 00.23.21.png "alt=" Wkiol1se3n7ypkujaaewul_6zgm242.jpg "/>
Done, the rest of the settings, back to the previous blog reference can be.
This article is from the "dream-dependent practice-Original only" blog, please be sure to keep this source http://yinzi7.blog.51cto.com/299508/1596738
Configure Windows NPS as a RADIUS server for the FortiGate firewall