Skip to main content
ismailurek2
ismailurek2
New Member
January 1, 2025
Question

FortiAuthenticator Usage Profile Not running

  • January 1, 2025
  • 1 reply
  • 1447 views

Hello, 

 

I want to limit the VPN connection of local or imported ldap user as data and time using usage profile on FortiAuthenticator. I am listening on 1646 radius acconting. 1646 port is open on FortiGate and FortiAuthenticator. When the user exceeds the specified limit, no warning and interruption is observed. Can anyone realize this application or have any suggestions? By the way, when the user connects, I cannot see any session in Monitor > Radius Session field.

 

I have followed all the warnings in this document:

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-Usage-Profiles-not-enforced-for-RADIUS/ta-p/198682

 




1 reply

ebilcari
Staff
ebilcari
Staff
January 2, 2025

Firstly you can run a packet capture in FAC to verify that indeed the Accounting messages are reaching FAC. Later you can check from the debugs, https://fac/debug/ [Accounting Monitor] logs to get a better overview on what is happening.

Emirjon
    ismailurek2
    ismailurek2Author
    New Member
    January 2, 2025

    Hi @ebilcari ,

    When I look at the accounting monitor, I get an invalid error in this way. I do not have information about which field to apply the secret I set for accounting on the FortiGate side on the FortiAuthenticator side.

     

    image.png

    ebilcari
    Staff
    ebilcari
    Staff
    January 3, 2025

    The secret for accounting messages should be the same as the one used for authentication, remember to also enable this toggle:

    shared-acc.PNG

    Emirjon
    Terms & ConditionsAccessibility statement