Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RFAHMI
New Contributor

Cannot ping RADUIS server but I can ping internet. i.e., 8.8.8.8

We have a #FortiGate80CM and I could ping from the #guest_wifi interface all the net except the radius server Wich used for guest to authenticate.

Any ideas what may be caused the issue I created a static route to the radius subnet but nothing?

 

 

Thanks in advance,

 

6 REPLIES 6
abelio
Valued Contributor

Just maybe radius server doesn't reply ping requests

ICMP ping is not required for authentication through radius protocol.

A static route may not be enough.

 

 

 

 

 

regards


__ Abel

RFAHMI
New Contributor

Thanks for your response, actually the RADUIS serv can respond to ICMP if ICMP works then authenticate will work as well, the weird thing is I can ping all the net except the radius subnet which is  third-party server.

alif

it could be a routing issue.

 

Please run debugs on Fortigate for further investigation.

diagnose debug reset
diagnose debug flow filter addr <Radius_IP>
diagnose debug flow filter proto 1
diagnose debug console timestamp enable
diagnose debug flow trace start 1000
diagnose debug enable

 

Now initiate ICMP traffic to Radius server. After performing the test, you can stop debugging;
diagnose debug disable
diagnose debug reset

Regards,
SFA
Markus_M

Note that ICMP and RADIUS (udp) are unrelated. ICMP is for testing the network generally. The server may really reject ping unless setup to allow it and RADIUS - then yes, fixing ping will also allow RADIUS traffic to arrive at that box.

Muhammad_Haiqal

Hi @RFAHMI ,

 

Fixing ping does not mean will also allow Radius.
Example:
Allowing ping does not mean you can RDP to the server if RDP is not allowed on the server itself.

 

Same goes to Radius.
Allowing Ping, does not mean Radius will be working.

haiqal
Muhammad_Haiqal

HI @RFAHMI ,

Its the best if you can provide simple network diagram for this issue.

By default, windows firewall block ping. You may consider to disable Windows firewall on the radius server 1st.

 

From Guest_wifi interface, you able to ping all the net, but not Radius server.
Is the Radius server sit on different network? Or same network?
Are you able to ping the Radius server from same network?


This information will help to troubleshoot further.

 

 

haiqal