FortiNAC
FortiNAC is a s a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
ethomollari
Staff
Staff
Description This article describes how to perform basic debugging via FortiNAC GUI  for Local Radius Server,  in order to verify if the processes are working as expected or to provide TAC support with additional debug information at the beginning of a ticket.
Scope  
Solution

In 9.2.2 there is an enhanced GUI view for troubleshooting Local Radius in FortiNAC.

Both RADIUS service and FortiNAC server debug can be enabled independently.

 

To check if Radius Service is running properly or not, which  is a good starting place for authentication and service startup failures.

 

- Select Network -> RADIUS -> Local Service (no.1).

 

-On the Local Radius Service status in the right from the drop-down menu(no.4), select Service Status .

 

-If service is not running properly, it is possible to check the debugging logs in the right for any hints or indications for the failure 

 

Local Radius 1.png

 

To check Radius Server logs which is useful when authentication succeeds up to the post-auth phase where FortiNAC does post-auth processing and can diagnose why FortiNAC returns  deny, incorrect VLAN or filter ID, or wrong/missing response value data.

 

- Turn on Debug & Troubleshooting (no.1).

 

- Define verbosity level : high, medium, low (no.2).

 

- Enable FortiNAC server debug related to local RADIUS access processing.

Debug outputs will be displayed in the right under Local Service tab. Select from the drop-down  Service Status > Server Log.  (no.3 and no.7).

 

- For specific filtering on MAC address, it is possible to specify via no.4 or no.6.

- For added information regarding the network access policy applied, you can turn it on (no.5).

 

Local Radius 2.png

 

If the FortiNAC is joined to Active Directory for MSCHAPv2 authentication, then the local radius winbind process can be checked via GUI too.

 

- Got to Network -> RADIUS -> Winbind (no.1 and no.4).

 

-Check if it is running and domain is joined (no.2 and no.3).

 

Local radius 3.png

 

 

Related Articles :

 

https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Local-RADIUS-log-message-examples/ta-...

 

https://docs.fortinet.com/document/fortinac/9.2.0/administration-guide/450544/local-radius-server 

 

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/727f3a53-b168-11eb-b70b-005056...