Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
clio
New Contributor

Send radius disconnect to Fortigate from radius server

it' s possible send from my radius server a packet radius disconnect to my Fortigate, to disconnect a user logged in? Thanks.
1 REPLY 1
mturic
Staff
Staff

Hi Clio,

 

FortiGate has an option in the RADIUS settings, called radius-coa.

In order to process incoming Disconnect-Requests from a RADIUS server, you would need to enable this option on the FortiGate. FortiGate would in that case process the received Disconnect-Request, and send additionally to the RADIUS server an Accounting-Stop interim update, to facilitate the termination of the user connection on both sides.

 

config user radius

edit xxxxxxx

set radius-coa enable

end

 

radius-coa {enable | disable}

Enable or disable (by default) RADIUS Change of Authorization (CoA), a mechanism that can change the attributes of an authentication, authorization, and accounting (AAA) session after it is authenticated.

 

For additional info:

https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/918082/user-radius

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Radius-COA-behavior/ta-p/198689

Labels
Top Kudoed Authors