FortiGate
Article Id 191417
Description

If you are implementing a network that provides guest access, you need authentication that expires after a fixed period of time. A FortiGate unit can support this authentication model using a RADIUS server to perform user authentication.

If the RADIUS Session-Timeout attribute on the user account is non-zero, the FortiGate unit receives a notification message when the timeout expires. The user's network session terminates. The user can no longer authenticate and use the network.

The FortiGate auth-keepalive feature, configurable in the CLI, has no effect when using the RADIUS Session-Timeout feature.

RADIUS Session-Timeout is specified in seconds, per-user in the RADIUS database users file, raddb/users. The actual method of creating user accounts and specifying timeouts depends on the particular RADIUS server and any configuration tools it includes. It can also depend on how the RADIUS server is integrated with other systems.
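
Because only a non-zero Session-Timeout makes the guest session expire, it is worth auditing the users file for accounts that lack the attribute or set it to zero. The following is an added example, not part of the original article or Fortinet's tooling; it assumes a FreeRADIUS-style `users` file layout, uses constructed sample accounts, treats `max_seconds` as a hypothetical local policy limit, and does not model `DEFAULT` entries or `Fall-Through`.

```python
import re

# Constructed sample (not from the article): an entry starts in column 0,
# and its reply items follow on indented lines.
SAMPLE_USERS = """\
guest01 Cleartext-Password := "example-only"
        Session-Timeout = 3600,
        Reply-Message = "Guest access"

guest02 Cleartext-Password := "example-only"
        Reply-Message = "No timeout set"

guest03 Cleartext-Password := "example-only"
        Session-Timeout := 0

guest04 Cleartext-Password := "example-only"
        Session-Timeout = 604800
"""

TIMEOUT_RE = re.compile(r"(?<![\w-])Session-Timeout\s*:?=\s*(\d+)")

def parse_users(text):
    """Map each username to its Session-Timeout in seconds (None if absent)."""
    users, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not line[0].isspace():          # column 0: a new user entry begins
            current = stripped.split()[0]
            users.setdefault(current, None)
        elif current is not None:          # indented: reply item of that entry
            match = TIMEOUT_RE.search(stripped)
            if match:
                users[current] = int(match.group(1))
    return users

def audit(text, max_seconds):
    """List (user, finding) for accounts whose session will not expire as intended."""
    findings = []
    for user, timeout in parse_users(text).items():
        if timeout is None:
            findings.append((user, "missing"))
        elif timeout == 0:
            findings.append((user, "zero"))
        elif timeout > max_seconds:        # hypothetical policy ceiling
            findings.append((user, "exceeds-max"))
    return findings
```

Calling `audit(open("raddb/users").read(), max_seconds=86400)` on a real file returns the accounts to fix before they are offered as guest logins.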

Components

  • All FortiGate and FortiWiFi units running FortiOS v3.0 MR4 and higher
  • RADIUS server

Steps or Commands

Configure the RADIUS server as indicated in its documentation, or in the documentation of the management system where it is integrated.

To configure the FortiGate unit

  1. Go to User > RADIUS and specify the RADIUS server, including the appropriate user group on the RADIUS server.
  2. Go to User > User Group.
  3. Create a user group containing only the RADIUS server.
  4. Go to Firewall > Policy.
  5. Create the firewall policy for network access.
  6. Select Authentication and specify the user group you created.

For more detailed information on any of these steps, refer to the FortiGate Administration Guide.