Send radius disconnect to Fortigate from radius server

Question

it' s possible send from my radius server a packet radius disconnect to my Fortigate, to disconnect a user logged in?  Thanks.

mturic · Answer

Hi Clio,

FortiGate has an option in the RADIUS settings, called radius-coa.

In order to process incoming Disconnect-Requests from a RADIUS server, you would need to enable this option on the FortiGate. FortiGate would in that case process the received Disconnect-Request, and send additionally to the RADIUS server an Accounting-Stop interim update, to facilitate the termination of the user connection on both sides.

config user radius

edit xxxxxxx

set radius-coa enable

end

radius-coa {enable | disable}

Enable or disable (by default) RADIUS Change of Authorization (CoA), a mechanism that can change the attributes of an authentication, authorization, and accounting (AAA) session after it is authenticated.

For additional info:

https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/918082/user-radius

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Radius-COA-behavior/ta-p/198689

radius-coa {enable | disable}

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded