AbdullahMohamed
New Member
April 2, 2021
Question

RADIUS and Relay

  • April 2, 2021
  • 1 reply
  • 6042 views
Hello, I have a FortiGate connected to 3 FortiSwitches, and every switch is connected to about 7 FortiAPs. I am using WPA2 Enterprise with RADIUS and an incoming VLAN ID attribute, so when a client accesses my SSID with username and password it is automatically assigned to its VLAN. My problem is that when I created VLANs under my SSID I used a DHCP relay. Every client automatically takes its VLAN and my DHCP server assigns it an IP, but when I ping the gateway, which is the VLAN IP itself, the ping request times out, and I cannot ping the DHCP server itself from the client PC. However, I can ping it from the FortiGate with source IP the VLAN IP (which is the gateway). Can someone help? Is it a bug or something? No policies yet (it is a public policy with any/any allow all) and a static default route to my P2P connection.

    1 reply

    lobstercreed
    New Member
    April 2, 2021

    It sounds to me like everything is working properly; what is the problem exactly?  Pings are not necessary.  Can you not reach the Internet? 

     

    Firewalls typically don't respond to pings (making sure they respond is more complicated than I want to get into here: admin access, trusted hosts, local-in, etc.), and if you don't have a policy allowing the clients to ping the DHCP server, then that would be why they can't ping it.
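The "admin access" part of the reply above, as an added example (these are not lobstercreed's commands). On a FortiGate, whether an interface answers ICMP echo to its own address is governed by that interface's allowaccess list; the interface name "vlan20" is an assumption, substitute the VLAN interface the RADIUS-assigned clients use as their gateway.

```fortios
# Added example, not from the thread. Interface name "vlan20" is assumed.

# 1. Inspect the administrative access currently allowed on the VLAN interface.
#    If "ping" is absent from allowaccess, the FortiGate silently drops echo
#    requests sent to that interface's own IP, which looks exactly like a
#    "request timed out" from the client.
show system interface vlan20

# 2. Allow ping on that interface. Note that "set allowaccess" replaces the
#    whole list, so name every service you still want; do not add https/ssh
#    to a client VLAN just to make pings work.
config system interface
    edit "vlan20"
        set allowaccess ping
    next
end

# 3. Confirm the interface holds the address the clients were handed as gateway.
diagnose ip address list
```

Allowing ping only proves the gateway address is reachable at layer 3; it says nothing about forwarding through the unit, which is decided by routing and the firewall policy, not by allowaccess.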

    AbdullahMohamed
    New Member
    April 2, 2021
    Thank you for the reply. My exact problem is that I cannot reach any HQ servers, including the DHCP server, not only by ping. According to your comment, you said that the FW usually doesn't reply to ping; however, I have another internal VLAN with internal DHCP and I can ping the FW IP normally! Why can I not ping it from the dynamically assigned VLANs with relay DHCP? Also, as I said, I can ping my HQ servers from the FortiGate itself with source IP the gateway of the clients (the VLAN interface itself), and my policy is (from any source interface and any address to any destination interface and any address, with any service allowed, without any profiles applied). That is my problem; it is totally illogical, so I am confused.
    emnoc
    New Member
    April 2, 2021

    Did you run "diag debug flow"? What does it tell you in the output?

     

    Ken Felix
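The check emnoc is asking for, as an added example (not emnoc's own commands): a debug flow trace filtered to one wireless client in a RADIUS-assigned VLAN and one HQ server, so that the trace shows whether the client's packets arrive on the VLAN interface at all and, if they do, which route and policy they hit. The addresses 10.10.20.50 (client) and 10.0.0.10 (HQ DHCP server) are assumptions.

```fortios
# Added example, not from the thread. Addresses are assumed:
#   10.10.20.50 = a wireless client in a RADIUS-assigned VLAN
#   10.0.0.10   = the HQ DHCP server it cannot reach

# Start from a clean debug state so nothing from a previous session leaks in.
diagnose debug reset
diagnose debug flow filter clear

# Trace only this client's traffic toward the HQ server; an unfiltered
# trace on a busy unit scrolls too fast to read.
diagnose debug flow filter saddr 10.10.20.50
diagnose debug flow filter daddr 10.0.0.10
diagnose debug flow show function-name enable
diagnose debug flow show iprope enable
diagnose debug flow trace start 50
diagnose debug enable

# Now ping 10.0.0.10 from the client. Read the trace per packet:
#   - no lines at all: the packet never reached the FortiGate on any
#     interface (look at the SSID/VLAN tagging path before the firewall)
#   - "find a route: ..." shows which route and egress interface was chosen
#   - "Allowed by Policy-<id>" / "Denied by forward policy check" shows the
#     policy decision; a deny here contradicts an any/any allow policy and
#     means the packet arrived on a different interface than expected

# Stop and clean up when done; leaving debug enabled costs CPU on the unit.
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug reset
```

Compare this with a second trace sourced from the FortiGate itself (the ping that does work in the question): the two traces differ in the ingress interface, and that is the first thing to check against the source interface of the any/any policy.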