Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Anonymous
Not applicable

Created on ‎01-25-2022 10:51 PM Edited on ‎06-17-2024 01:33 AM By Community Manager

Article Id 203679

Troubleshooting Tip: FortiNAC Local Radius Debug and Troubleshooting via GUI

Description This article describes how to perform basic debugging via FortiNAC GUI for Local Radius Server, in order to verify if the processes are working as expected or to provide TAC support with additional debug information at the beginning of a ticket.
Scope FortiNAC version 9.1 and above,
FortiNAC-F version 7.2 and above
Solution

In 9.2.2 there is an enhanced GUI view for troubleshooting Local Radius in FortiNAC.

Both RADIUS service and FortiNAC server debug can be enabled independently.

 

To check if Radius Service is running properly or not, which is a good starting place for authentication and service startup failures.

 

- Select Network -> RADIUS -> Local Service (no.1).

 

-On the Local Radius Service status in the right from the drop-down menu(no.4), select Service Status .

 

-If service is not running properly, it is possible to check the debugging logs in the right for any hints or indications for the failure 

 

Local Radius 1.png

 

To check Radius Server logs which is useful when authentication succeeds up to the post-auth phase where FortiNAC does post-auth processing and can diagnose why FortiNAC returns  deny, incorrect VLAN or filter ID, or wrong/missing response value data.

 

  • Turn on Debug & Troubleshooting (no.1).
  • Define verbosity level : high, medium, low (no.2).
  • Enable FortiNAC server debug related to local RADIUS access processing.

Debug outputs will be displayed in the right under Local Service tab. Select from the drop-down Service Status > Server Log.  (no.3 and no.7).

 

  • For specific filtering on MAC address, it is possible to specify via no.4 or no.6.
  • For added information regarding the network access policy applied, you can turn it on (no.5).

 

Local Radius 2.png

 

If the FortiNAC is joined to Active Directory for MSCHAPv2 authentication, then the local radius winbind process can be checked via GUI too.

 

  • Go to Network -> RADIUS -> Winbind (no.1 and no.4).
  • Check if it is running and the domain is joined (no.2 and no.3).

 

Local radius 3.png

 

Related Articles :

Troubleshooting Tip: Troubleshoot and Debug FortiNAC Local Radius via GUI and CLI
Troubleshooting-Tip-Local-RADIUS-log-message-examples 

Local Radius Server - Administration Guide

FortiNAC_Local_RADIUS_Server_v9
3925
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.