1. Add a new RADIUS Server on the FortiGate by navigating to User & Authentication -> RADIUS Servers. Select Create New and enter the RADIUS Server's IP address and secret, then select Test connectivity.

2. Perform the following steps if the Connection status displays 'Can't contact RADIUS server':

   1. Open the FortiGate's CLI and ensure that there is a two-way connection between the FortiGate and the RADIUS server by using the following commands and selecting the Test Connectivity button again.
      
      

   di sni pa any 'host <RADIUS IP Address> and port 1812' 4

    

   Press Ctrl+C to cancel the command

    

   2. Temporarily disable Windows Firewall on the NPS server and repeat step 2.i. If the issue persists, verify that the connection is not blocked by other software firewalls enabled on the server. Furthermore, ensure that the Windows Server where NPS was installed is listening on port 1812 by opening a command prompt and using the following command:
      
      

   netstat -a | findstr 1812

    

   

    

    

   3. Restart the Network Policy Server via services.msc on the Windows Server if it is not listening on port 1812, then repeat step 2.1. If the issue persists, double-check and ensure that the Network Policy Server settings were configured correctly.

    

   3. Verify that the local firewall, such as Windows Firewall or antivirus software, is not obstructing UDP ports 1812 and 1813. Temporarily disable the endpoint firewall and any antivirus programs to test the connectivity between the devices.

    

   

    

Related article:
Troubleshooting Tip: RADIUS authentication failure after the firmware upgrade to v7.2.10/v7.4.5/v7.6...