Prerequisite: Install NPS Client on a Windows Server.
Setup NPS Radius Client and create a Shared Secret and keep this key for later.
Create a new Connection Request Policy.
In the Conditions tab add the IPv4 address of the firewall.
In the Settings tab add Vendor-Specific | RADIUS Standard, we will add 2 values.
In this example Firewall_Admins is the RADIUS connection User Group and the Admin_Access is a VSA 6 (Vendor Specific Attribute with a String of 6) admin login profile.
Create a new Network Policy – Authentication.
In Conditions create a Windows User Group or add a group that will access the firewall.
In Constraints add the authentication methods.
This completes the Windows RADIUS side of installation.
Login to the Fortigate and setup a RADIUS server connection.
Setup the RADIUS servers with the values that match your RADIUS server. I called mine RADIUS-Connection.
You can test connectivity and confirm success.
Go to User Groups and add a new group. Mine is called Radius_Admin.
Add the Remote Group from above with the Remote Server name and called the group name Firewall_Admin.
NOTE: The Group Name needs to match the RADIUS server!
Under Admin Profiles create a new profile and name it Admin_Access.
NOTE: The Profile Name needs to match the RADIUS server!
Now create a new administrator and give the Administrator Profile and Remote User Group the same options as above.
Now test the login!
If you are unable to login then test by enabling debugging and send an authentication request.
diag debug enable
diag debug app fnbamd -1
diag test authserver radius <server_name> <chap | pap | mschap | mschap2> <username> <password>