FortiGate
afiroz
Staff
Article Id 339013
Description This article describes the configuration required on FortiGate to process a Change of Authorization (CoA) received from a RADIUS server.
Scope FortiGate.
Solution

Accounting is required for Change of Authorization (CoA) to function properly on FortiGate devices. CoA will not work unless accounting packets are configured, because accounting provides the information needed to execute the CoA accurately and helps track and manage the changes made during the CoA process.

The following configuration is required on the FortiGate so that it honors the CoA sent by the RADIUS server:


config user radius
    edit "radius_server_name"
        set acct-interim-interval XXX    <- XXX is the accounting interval in seconds; it must fall within the range of 60 to 86400.
        set radius-coa enable
        config accounting-server
            edit 1
                set status enable
                set server "x.x.x.x"    <- x.x.x.x is the RADIUS server IP address.
                set secret <secret key configured on the RADIUS server>
                set port 1813
            next
        end
    next
end

For the interim accounting update to be triggered, make sure that the RADIUS server is configured to include the interim accounting interval attribute in the Access-Accept packet, and that its value matches the value configured on the FortiGate.
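
To confirm this from a packet capture, the following added example (not Fortinet code) parses a raw Access-Accept and checks that Acct-Interim-Interval (RADIUS attribute 85) is present, within 60 to 86400 seconds, and equal to the FortiGate setting. The function names, status strings and sample packet are constructed for illustration, and the packet authenticator is not verified.

```python
import struct

ACCESS_ACCEPT = 2             # RADIUS packet code (RFC 2865)
ACCT_INTERIM_INTERVAL = 85    # attribute type (RFC 2869), 4-byte integer
FGT_MIN, FGT_MAX = 60, 86400  # acct-interim-interval range given in the article


def build_packet(code, attrs):
    """Build a constructed RADIUS packet (zeroed authenticator) for testing."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


def parse_attributes(packet):
    """Return [(type, value)] from a raw RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the captured bytes")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return attrs


def check_interim_interval(packet, fortigate_interval):
    """Compare the server's Acct-Interim-Interval with the FortiGate setting."""
    attrs = parse_attributes(packet)
    if packet[0] != ACCESS_ACCEPT:
        return "not-access-accept"
    values = [v for t, v in attrs if t == ACCT_INTERIM_INTERVAL]
    if not values:
        return "missing"          # server does not send the attribute
    if len(values[0]) != 4:
        return "malformed"
    interval = struct.unpack("!I", values[0])[0]
    if not FGT_MIN <= interval <= FGT_MAX:
        return "out-of-range"     # outside 60..86400 seconds
    if interval != fortigate_interval:
        return "mismatch"         # differs from acct-interim-interval on FortiGate
    return "ok"


if __name__ == "__main__":
    sample = build_packet(ACCESS_ACCEPT, [(18, b"welcome"), (85, struct.pack("!I", 600))])
    print(check_interim_interval(sample, 600))
```

Any result other than `ok` points at the RADIUS server's reply attributes or at the `acct-interim-interval` value on the FortiGate.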

