Adding RADIUS Users to a FortiGate with 2FA Enabled

A quick how-to on adding a new RADIUS user to a FortiGate with SMS 2FA enabled. The local entry is effectively a reference to a user configured on a RADIUS server somewhere, with a mobile number specified for the 2FA code to be delivered to. As before, if you use this config on your own hardware, you use it at your own risk.

FG-Test-A # config user local
FG-Test-A (local) # edit demo.user
new entry 'demo.user' added
FG-Test-A (demo.user) # set type radius
FG-Test-A (demo.user) # set sms-server custom
FG-Test-A (demo.user) # set sms-custom-server <sms-server-name>
FG-Test-A (demo.user) # set sms-phone <mobile-number>
FG-Test-A (demo.user) # set two-factor sms
FG-Test-A (demo.user) # set radius-server <radius-server-name>
FG-Test-A (demo.user) # end

FG-Test-A # config user group
FG-Test-A (group) # edit <group-name>
FG-Test-A (group-name) # append member demo.user
FG-Test-A (group-name) # end
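
As an added example (not part of the original post and not Fortinet tooling), the Python below audits the text of a FortiGate configuration backup for the setup shown above: each local user of type radius should have two-factor sms and an sms-phone set, and should be a member of a user group. It assumes the plain-text backup layout (config / edit / set / next / end); the sample config, user names and phone number are constructed, and parse_section and audit are names chosen here.

```python
import shlex
# Constructed sample in FortiOS backup layout; names and number are made up.
SAMPLE = '''config user local
    edit "demo.user"
        set type radius
        set two-factor sms
        set sms-phone "+440000000000"
    next
    edit "no2fa.user"
        set type radius
    next
end
config user group
    edit "vpn-users"
        set member "demo.user"
    next
end
'''

def parse_section(config, header):
    """Map entry name -> {setting: [values]} for one top-level config block."""
    entries, current, inside, depth = {}, None, False, 0
    for line in map(str.strip, config.splitlines()):
        if not inside:
            inside = line == header
            continue
        words = shlex.split(line) or [""]
        depth += (words[0] == "config") - (words[0] == "end")  # nested sub-tables
        if depth < 0:  # this "end" closes the block we were asked for
            break
        if depth == 0 and words[0] == "edit":
            current = entries.setdefault(words[1], {})
        elif depth == 0 and words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
    return entries

def audit(config):
    """Return {user: [problems]} for RADIUS-type local users."""
    groups = parse_section(config, "config user group")
    grouped = {m for g in groups.values() for m in g.get("member", [])}
    findings = {}
    for name, cfg in parse_section(config, "config user local").items():
        checks = {"two-factor sms not set": cfg.get("two-factor") == ["sms"],
                  "sms-phone missing": bool(cfg.get("sms-phone")),
                  "not in any user group": name in grouped}
        problems = [msg for msg, ok in checks.items() if not ok]
        if cfg.get("type") == ["radius"] and problems:
            findings[name] = problems
    return findings
```

Calling audit() on the text of a backup file returns an empty dict when every RADIUS user matches the configuration above; for SAMPLE it flags only no2fa.user.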

About Will Curtis
Network Engineer, Productivity Geek, Pretend Photographer & Lego Fanatic. Even heroes have a day job! Networks & telecom engineer with 16 years experience in the IT/Comms industry. Passionate about productivity and GTD methodologies. Amateur [Photo|Video]grapher & dreamer. Apple fan. Dad.
