CSKUM
New Member
February 10, 2025
Question

Fortigate 1000F problem with Radius forward traffic over IPSEC after upgrade from 7.2.10 to 7.4.7


We have a Fortigate 1000F in an AP HA cluster.

We have an IPSEC tunnel to a remote location where we have wireless access points. Those access points authorize clients via a NACVIEW RADIUS server, which is located on our side of the IPSEC tunnel.

Everything was working fine until we upgraded our Fortigates from 7.2.10 firmware to 7.4.7.

After the upgrade, all RADIUS traffic via the IPSEC tunnel stopped. No traffic is seen on the policies in the traffic log. Logging is set to ALL, and before the upgrade we had all the traffic logged. And of course RADIUS authorization stopped working. No requests are arriving at the NACVIEW RADIUS server from the AP controller on the other side of the IPSEC tunnel.

After downgrading back to 7.2.10 everything started to work again.

Is there any bug in 7.4.x firmware regarding RADIUS traffic over an IPSEC tunnel that anyone knows of?

We would like to upgrade to 7.4.x firmware due to the new policy layout, which is much more useful than the old one.

2 replies

funkylicious
SuperUser
February 10, 2025

hi,

maybe, bug id 869978.

normal traffic through the ipsec tunnel was reaching the remote site?

"jack of all trades, master of none"
CSKUM (Author)
New Member
February 10, 2025

Yes, normal traffic worked without any trouble. I personally have a 40F at home with an IPSEC tunnel to work and it worked without any trouble. Other traffic through other IPSEC tunnels also worked without any trouble. Even other types of traffic worked through the same tunnel where UDP RADIUS didn't. Maybe it's a problem with UDP traffic?

funkylicious
SuperUser
February 10, 2025

maybe it was a radius problem overall and not for wifi specifically?

CSKUM (Author)
New Member
March 2, 2025

For now we're closing the topic. Due to the fact that we were able to connect the remote site via a dedicated L2 VLAN, the problem doesn't concern us anymore. After switching from the IPSEC tunnel to normal L2 routing, the problem doesn't exist anymore.