Skip to main content
martyyy
martyyy
Explorer III
February 7, 2025
Solved

Require Message-Authenticator from NAD

  • February 7, 2025
  • 1 reply
  • 1512 views

Hi,


Due to recent vulnerabilities in radius, we would like to enable Message-Authenticator on our clearpass server.
After enabling this option in clearpass, we get errors in clearpass that the radius packet received from FortiGate-1100E (v7.2.8 build1639 (Mature) is without Message-Authenticator as below.

Is it possible to enable this?

 

Source RADIUS
Level ERROR
Category Authentication
Action Unknown
Description
Failed to decode RADIUS packet - Received packet from x.x.x.x without Message-Authenticator

TIA :) 

Best answer by rbraha

Hi @martyyy 

 

You will need to upgrade FTG to version 7.2.10 ,please check the release notes below.

 

https://docs.fortinet.com/document/fortigate/7.2.10/fortios-release-notes/5880/radius-vulnerability

1 reply

rbraha
Staff
rbrahaAnswer
Staff
February 7, 2025

Hi @martyyy 

 

You will need to upgrade FTG to version 7.2.10 ,please check the release notes below.

 

https://docs.fortinet.com/document/fortigate/7.2.10/fortios-release-notes/5880/radius-vulnerability

    Terms & ConditionsAccessibility statement