ayluht
Staff
Article Id 349780
Description

This article describes a solution for a situation where, even though the custom nas-id is configured, FortiGate is still sending the hostname as the nas-id in 7.2.x versions.

Scope

FortiGate.
Solution

As a new feature in 7.2.0, the RADIUS NAS-ID type can be configured as either custom or hostname, so that FortiGate can send a custom nas-id in its Access-Request.

config user radius
    edit <server>
        set nas-id-type custom
        set nas-id Fortinas
    next
end

In the Wireshark capture below, FortiGate is sending the hostname as the NAS-Identifier, which is not expected.

RADIUS Protocol
    Code: Access-Request (1)
    Packet identifier: 0x0 (0)
    Length: 124
    Authenticator: abc3946e1e24169150998e772ef3669e
    [The response to this request is in frame 2]
    Attribute Value Pairs
        AVP: t=NAS-Identifier(32) l=13 val=z0089twofafw
            Type: 32
            Length: 13
            NAS-Identifier: z0089twofafw


In 7.2.x versions, this new feature is only supported for wireless authentication. For other authentication methods, the custom nas-id feature is supported in version 7.4.2 and above. To use a custom nas-id with any other authentication method, upgrade to 7.4.2 or above.
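
To confirm from a capture which NAS-Identifier is actually sent, the following added example (not Fortinet code) parses a raw RADIUS Access-Request and compares attribute 32 with the configured custom value. The two packets are constructed from the values shown in this article; the User-Name user1 and all function names are assumptions.

```python
import struct

NAS_IDENTIFIER = 32   # RADIUS attribute type, RFC 2865
USER_NAME = 1         # RADIUS attribute type, RFC 2865
ACCESS_REQUEST = 1    # RADIUS packet code

def build_access_request(attrs, ident=0, authenticator=bytes(16)):
    """Build a constructed Access-Request for testing (not a real capture)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH16s", ACCESS_REQUEST, ident, 20 + len(body), authenticator)
    return header + body

def parse_avps(packet):
    """Return (code, [(type, value), ...]) from a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length, _auth = struct.unpack("!BBH16s", packet[:20])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    avps, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        avps.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, avps

def check_nas_id(packet, expected):
    """Compare the NAS-Identifier in an Access-Request with the custom value."""
    code, avps = parse_avps(packet)
    if code != ACCESS_REQUEST:
        return "not-access-request", None
    ids = [v.decode("utf-8", "replace") for t, v in avps if t == NAS_IDENTIFIER]
    if not ids:
        return "missing", None
    return ("match" if ids[0] == expected else "mismatch"), ids[0]

# Constructed samples: hostname and custom nas-id as shown in this article.
HOSTNAME_PKT = build_access_request([(USER_NAME, b"user1"), (NAS_IDENTIFIER, b"z0089twofafw")])
CUSTOM_PKT = build_access_request([(USER_NAME, b"user1"), (NAS_IDENTIFIER, b"Fortinas")])

if __name__ == "__main__":
    for name, pkt in (("hostname", HOSTNAME_PKT), ("custom", CUSTOM_PKT)):
        print(name, check_nas_id(pkt, "Fortinas"))
```

A "mismatch" result for a non-wireless authentication on 7.2.x corresponds to the behaviour described above.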