Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jcamacho1
Staff
Staff

Created on ‎11-04-2016 05:06 PM

Technical note: TACACS+ Accounting messages

Description
TACACS+ does not support Accounting messages.

Solution
FortiGate units are capable of working with TACACS+ Authentication and Authorization, but not with Accounting. TACACS+ Accounting messages can lead to following error message (diag debug application fnbamd):
2016-10-28 11:26:01 message_loop: checking timeouts
2016-10-28 11:26:09 fnbamd_fsm.c[2194] handle_req-Rcvd 8 req
2016-10-28 11:26:09 fnbamd_acct.c[301] fnbamd_acct_start_STOP-tac_plus accounting not supported
2016-10-28 11:26:09 fnbamd_fsm.c[1251] create_acct_session-Nothing to do for acct type 8
2016-10-28 11:26:09 fnbamd_fsm.c[2206] handle_req-Error creating acct session 8
Depending of the type of TACACS+ application the server can close the connection due to this "rejection" from FortiGates.

Disable accounting messages between FortiGate units and TACACS+ servers.
Labels:
1311
0 Kudos
Contributors

Contact Us