Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Hsharma
Staff
Staff

Created on ‎02-07-2025 08:43 AM Edited on ‎01-14-2026 06:23 AM By Community Manager

Article Id 374750

Troubleshooting Tip: RADIUS server not connecting due to 'No response from the RADIUS server' error and 'Can't contact RADIUS server'

Description This article describes how to handle an issue with RADIUS Server connectivity where debug logs show 'No response from the Radius server' and 'Can't contact RADIUS server', but packets do not leaving FortiGate itself.
Scope FortiGate.
Solution

Connection with the RADIUS server is unsuccessful:

 

Radiusserver.jpg

 

Debugs show the following errors:

 

diagnose debug disable

diagnose debug application fnbamd -1

diagnose debug enable

 

1639] auth_cert_success-id=342768329
[1068] fnbamd_cert_auth_copy_cert_status-req_id=342768329
[1195] fnbamd_cert_auth_copy_cert_status-Cert st 210, req_id=342768329
[209] fnbamd_comm_send_result-Sending result 0 (nid 0) for req 342768329, len=2536
[1584] destroy_auth_cert_session-id=342768329
[1041] fnbamd_cert_auth_uninit-req_id=342768329
[2848] receive_parse_radius_check_response-No response from the RADIUS server.
[2507] handle_req-Rcvd auth_cert req id=342768330, len=1599, opt=8
[983] __cert_auth_ctx_init-req_id=342768330, opt=8
[992] __cert_auth_ctx_init-OCSP resp is found.
[103] __cert_chg_st- 'Init'
[156] fnbamd_cert_load_certs_from_req-3 cert(s) in req.

 

However, the sniffer does not show any packets leaving the FortiGate:

 

Smough-kvm40# di sniffer packet any " host x.x.x.x and port (1812 or 1813) " 
interfaces=[any]
filters=[ host x.x.x.x and port (1812 or 1813) ]
^C
0 packets received by filter
0 packets dropped by kernel

 

Make sure the RADIUS port is not blocked, and check if the RADIUS port is set to any other port in global settings.

 

RadiusImage.jpg

 

If the RADIUS port is different from the default port (1812 or 1813), it should be configured as the default port 1812. In this example, the RADIUS port is 18121, which is incorrect.

 

Note:
If RADIUS communication is happening at a different port, that port should be configured under the RADIUS configuration as well as under global settings.

If the connection status is stuck at the connecting state with a spinning circle and there is no output from debug or sniffer, verify if the demon 'fnbamd' is spiking in CPU usage and restart the process if it is. To do so, refer to this article (The same concept applies despite the title focusing on memory): Technical Tip: How to view, verify and kill the processes consuming more memory in the GUI.

 

Related articles:

Troubleshooting Tip: RADIUS authentication troubleshooting

Troubleshooting Tip: RADIUS authentication failure after the firmware upgrade to v7.2.10/v7.4.5/v7.6...
1379
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.