Description

This article describes an issue where RADIUS configurations on newly added FortiGate devices are removed after pushing a policy package from FortiManager.

Scope

FortiGate, FortiManager.

Solution

FortiGate is added in FortiManager, andthe  connection status is up:

Policy package assigned to the device:

Radius Config present on the FortiGate before policy package push:

The policy package is pushed by creating a new policy, and the installation preview logs clearly show that the RADIUS server configuration is being purged:

On the FortiGate, the RADIUS configuration is no longer visible as it has already been removed.

FortiManager purges the RADIUS server configuration because it is not referenced in any firewall policy. During a policy package installation, FortiManager is expected to remove radius configurations that have zero references.

The recommended approach is to create the RADIUS server configuration directly in FortiManager, include it in the relevant policy package, and then use the Install Wizard to deploy the package to the FortiGate.

When the policy package is pushed, FortiManager installs the RADIUS configuration, and this time the configuration is not purged.

After the policy package is installed, the RADIUS configuration is present on the FortiGate.