FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description TACACS+ does not support Accounting messages.
Solution FortiGate units are capable of
working with TACACS+ Authentication and Authorization, but not with
Accounting. TACACS+ Accounting messages can lead to following error
message (diag debug application fnbamd):
2016-10-28 11:26:01 message_loop: checking timeouts 2016-10-28 11:26:09 fnbamd_fsm.c handle_req-Rcvd 8 req 2016-10-28 11:26:09 fnbamd_acct.c fnbamd_acct_start_STOP-tac_plus accounting not supported 2016-10-28 11:26:09 fnbamd_fsm.c create_acct_session-Nothing to do for acct type 8 2016-10-28 11:26:09 fnbamd_fsm.c handle_req-Error creating acct session 8
Depending of the type of TACACS+ application the server can close the connection due to this "rejection" from FortiGates.
Disable accounting messages between FortiGate units and TACACS+ servers.