Technical Tip: Logs required for L7 VS Radius issues

Description

This article describes how to collect logs required by TAC to troubleshoot L7 VS Radius issues.

Scope

FortiADC.

Solution

1. Capture packets from both the client and server sides.

Packet Capture 1 (Client <-> FortiADC).

• In the GUI, go to Networking -> Packet Capture -> Create New.

• Select the port that will receive the client traffic.

• Specify the client IP address (as FortiADC sees it: (Format: 1.2.3.4/32).

• Specify the port when the client accesses the Virtual Server.

• Maximum Packet Count: 50000.

• OK.

• Start (Play button).

Packet Capture 1 (FortiADC <-> Real Server).

• In the GUI, go to Networking -> Packet Capture -> Create New.

• Select the Port which will send the traffic to the Real Servers.

• Specify the IP address or IP range of the Real Server(s) (Format: 1.2.3.4/32).

• Specify the Real server port.

• Maximum Packet Count: 50000.

• OK.

• Start (Play button).

2. Enable the diagnostic debug log at the same time, and collect log outputs from the SSH terminal:
   
   

diagnose debug module fnginx radius
diagnose debug module fnginx conf
diagnose debug module fnginx set-filter "(srcip in 10.65.1.0/24) & vsname=vs-smtp-25" ####Change to be the actual one
diagnose debug enable

3. Disable diagnose debug:
   
   

diagnose debug disable
diagnose debug module fnginx unset

4. Collect the all-in-one debug log via GUI -> Global -> System -> Debug -> System Debug -> Save Debug File -> Download the file once the status is Ready.

5. Create a Support ticket and attach the collected files.