Renante_Era
Staff
Article Id 353806
Description This article describes initial troubleshooting tips for when the FortiGate is unable to reach a Windows Server's NPS acting as the RADIUS server.
Scope FortiGate.
Solution
  1. Add a new RADIUS Server on the FortiGate by navigating to User & Authentication -> RADIUS Servers. Select Create New and enter the RADIUS Server's IP address and secret, then select Test connectivity.

 


 

  2. Perform the following steps if the Connection status displays 'Can't contact RADIUS server':
     i. Open the FortiGate's CLI, run the following command, and select the Test connectivity button again. The capture should confirm that there is a two-way connection between the FortiGate and the RADIUS server.

di sni pa any 'host <RADIUS IP Address> and port 1812' 4

 

Press Ctrl+C to cancel the command

 

     ii. Temporarily disable Windows Firewall on the NPS server and repeat step 2.i. If the issue persists, verify that the connection is not blocked by other software firewalls enabled on the server. Furthermore, ensure that the Windows Server where NPS is installed is listening on port 1812 by opening a command prompt and using the following command:

netstat -a | findstr 1812

 


 

 

     iii. Restart the Network Policy Server via services.msc on the Windows Server if it is not listening on port 1812, then repeat step 2.i. If the issue persists, double-check that the Network Policy Server settings are configured correctly.
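
One way to read the sniffer capture from the steps above, as an added example that is not part of the original article or Fortinet's tooling: it classifies a pasted capture as two-way, request-unanswered, or no-request-sent. The line layout (time, interface, in/out, src.port -> dst.port: udp length) is an assumption about verbosity-4 output, and the sample captures and addresses are constructed.

```python
import re

# Assumed shape of a verbosity-4 sniffer line (not taken from the article):
#   <time> <interface> <in|out> <src_ip>.<src_port> -> <dst_ip>.<dst_port>: udp <len>
LINE = re.compile(
    r"(?P<ifc>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+udp\s+\d+"
)

def classify(capture: str, radius_ip: str, port: int = 1812) -> str:
    """Return 'two-way', 'request-unanswered' or 'no-request-sent'."""
    requests = replies = 0
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # header lines (interfaces=, filters=) and blanks
        if m["dir"] == "out" and m["dst"] == radius_ip and int(m["dport"]) == port:
            requests += 1  # FortiGate -> RADIUS server
        elif m["dir"] == "in" and m["src"] == radius_ip and int(m["sport"]) == port:
            replies += 1   # RADIUS server -> FortiGate
    if requests == 0:
        # Nothing left the FortiGate: check routing to the server and that
        # Test connectivity was selected while the capture was running.
        return "no-request-sent"
    if replies == 0:
        # Requests leave but nothing returns: continue with the server-side
        # checks (Windows Firewall, NPS listening on UDP 1812).
        return "request-unanswered"
    return "two-way"

# Constructed sample captures (documentation addresses, not real output).
SAMPLE_ONE_WAY = """\
interfaces=[any]
filters=[host 192.0.2.10 and port 1812]
2.104233 port1 out 192.0.2.1.14522 -> 192.0.2.10.1812: udp 95
7.110871 port1 out 192.0.2.1.14522 -> 192.0.2.10.1812: udp 95
"""
SAMPLE_TWO_WAY = SAMPLE_ONE_WAY + (
    "7.115002 port1 in 192.0.2.10.1812 -> 192.0.2.1.14522: udp 20\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE_ONE_WAY, "192.0.2.10"))
    print(classify(SAMPLE_TWO_WAY, "192.0.2.10"))
```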