This document describes the configurations required for RADIUS integration between the Octopus Authenticator and FortiGate VPN connection.

Octopus Authenticator RADIUS Service Configuration

  • Login to Octopus Authenticator Management Console
  • Select Services from the left pane
  • Select Add Service
  • Click RADIUS service template

Tab-1: General Information

The following field and values are displayed

Field nameField value
Service nameFortiGate SSL VPN
DescriptionFortiGate SSL VPN Client Authentication
Service statusEnable
Display icon

Tab-2: Parameters

The following fields and values are displayed

Field nameField value
LoginLogin authentication method for FortiGate VPN
RADIUS key nameNAS-IP- Address
RADIUS key value<FortiGate Server IP Address or>
+ Add additional parameterDo not add any parameters

Tab-3: Sign On

The following fields and values are displayed

Field nameField value
Multi Factor Authentication (MFA)Off (default)
Sign on MethodRADIUS
Secret<FortiGate RADIUS Secret code>

Step-4: Users

To configure the users of the service

  • Select users either from “Local Users” or “LDAP Users” lists
  • You can select either:
    • A group of users to import, by clicking on the dot next to one of the folders
    • An individual user to import, by clicking on the dot next to that user

The corresponding dot will then be colored blue. When you select only some of the users in the group,
the dot adjacent to the group will be colored partially.

After saving the settings, the selected users will be enrolled in the service.

  • Click “Save Settings

FortiGate SSL VPN Server Configuration

  • Login to your FortiGate SSL VPN server console

  • On the FortiGate Administration console select User -> Remote -> RADIUS
  • Click on Create New and enter the following information:

  • At the New RADIUS server page, set the following parameters:
    • Name: Your Octopus Authenticator Server name
    • Primary Server Name/IP: Your Octopus Authenticator Server name or IP address
    • Primary Server Secret: At Octopus Authenticator Management console -> System settings -> Services settings -> Show and copy RADIUS secret value
  • Click Ok, to save the settings

Note: The FortiGate Server has a RADIUS authentication default timeout of 5 seconds, which will fail for anything other than a passcode authentication. To resolve the 5 second RADIUS authentication default timeout you can use FortiGate command line interface. Secret Double Octopus recommends defining the RADIUS authentication timeout to 60 seconds.

  1. SSH to your FortiGate server
  2. Type the following command lines:
config system global
   set remoteauthtimeout <secs_int>

config user radius
     edit <radius_server_name>
     set timeout <secs_int>

FortiGate VPN Client Configuration


  • Download and install FortiGate VPN client (also known as FortiClient)

  • Under Windows Settings Select Network & Internet settings

  • Select VPN

  • Add VPN connection

  • Enter VPN connection configuration: 
    • VPN provider
    • VPN connection name
    • VPN Server name or IP

  • Click “Save