Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Akmostafa
New Contributor III

Created on ‎08-18-2022 04:15 PM

Accounting to FortiAuthenticator and user usage profiles

Hello Friends.

I have followed the exact steps described in the below KB.

The user is successfully authenticated to the SSID and is viewed on the Fortigate as a firewall user (#dia firewall auth list)

I can see from packet capture that FG is sending the interm accounting messages to FAC on the specified period  and I see the ACC response packets from fAC in the sniffer.

 

However, on FAC -- monitor --- radius sessions I see 0 accounting sessions.

When I view user usage details : it is not counting anything and the user is not disconnected when reaching the max kilobytes specified in the suer profile.

 

I am not sure what I am missing here.

 

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-Usage-Profiles-not-enforced-for-R...

 

 

Labels:
1940
0 Kudos
1 Solution
Markus_M
Staff
Staff
In response to Akmostafa

Created on ‎08-24-2022 09:07 AM

Hello,

 

please also check this one (that should match the ports you are using):

2022-08-24_18-05-51.png

Best regards,

 

Markus

View solution in original post

1895
0 Kudos
6 REPLIES 6
Markus_M
Staff
Staff

Created on ‎08-20-2022 06:02 AM

Hello Akmostafa,

 

there must be an "Accounting Start" packet as well, prior to the interim updates, which should contain only the updates to the session.

Under your FortiAuthenticator debug, you should see (https://fac-ip/debug) a section for RADIUS accounting. Check this one to see what is done with the respective sessions.

 

Best regards,

 

Markus

1922
0 Kudos
Akmostafa
New Contributor III
In response to Markus_M

Created on ‎08-21-2022 05:34 AM

I verified RADIUS accounting start is sent. (See snapshot , note the duplicate packets are due to that I am capturing from Fortigate and the packets are being caputured many times due to packet seeing on input and output interfaces)

On the debugs I can only see the below lines:

 

08/21/2022 14:23:25 [588305792] FortiAuthenticator rad_accounting [1260] [DEBUG]: [Maintenance] Publish accounting state to file
08/21/2022 14:23:25 [588305792] FortiAuthenticator rad_accounting [1260] [INFO]: Updated accounting sessions file. Status = 0
08/21/2022 14:23:55 [588305792] FortiAuthenticator rad_accounting [1260] [DEBUG]: [Maintenance] Save expired accounting sessions to DB
08/21/2022 14:24:22 [588305792] FortiAuthenticator rad_accounting [1260] [DEBUG]: [Maintenance] Publish accounting state to file
08/21/2022 14:24:22 [588305792] FortiAuthenticator rad_accounting [1260] [INFO]: Updated accounting sessions file. Status = 0
08/21/2022 14:24:22 [588305792] FortiAuthenticator rad_accounting [1260] [DEBUG]: [Maintenance] Publish accounting state to file
08/21/2022 14:24:22 [588305792] FortiAuthenticator rad_accounting [1260] [INFO]: Updated accounting sessions file. Status = 0
08/21/2022 14:25:36 [588305792] FortiAuthenticator rad_accounting [1260] [INFO]: Updated accounting sessions file. Status = 0
08/21/2022 14:28:36 [588305792] FortiAuthenticator rad_accounting [1260] [DEBUG]: [Maintenance] Publish accounting state to file
08/21/2022 14:28:36 [588305792] FortiAuthenticator rad_accounting [1260] [INFO]: Updated accounting sessions file. Status = 0
08/21/2022 14:28:36 [588305792] FortiAuthenticator rad_accounting [1260] [DEBUG]: [Maintenance] Publish accounting state to file

 

accnt.PNG

1916
0 Kudos
Markus_M
Staff
Staff
In response to Akmostafa

Created on ‎08-21-2022 08:14 AM

Hi,

 

do you have accounting enabled on the interface?

Accounting MonitorAccounting Monitor

Best regards,

 

Markus

1910
0 Kudos
Akmostafa
New Contributor III
In response to Markus_M

Created on ‎08-22-2022 05:28 AM

hello, enabled:

Also I can see from the debugs vie the following line (after restarting FAC:

 

08/22/2022 13:49:15 [4267148672] FortiAuthenticator rad_accounting [1263] [DEBUG]: Caches and queues initialized
08/22/2022 13:49:15 [4267148672] FortiAuthenticator rad_accounting [1263] [DEBUG]: Initializing snd module
08/22/2022 13:49:15 [4267148672] 
 rad_accounting [1263] [DEBUG]: Loading source [172.16.14.1-172.16.14.1] into source tree

acc.pngacc2.png

 

 

Below RADIUS config on Foritgate: (secret line ommited)

 

config user radius
edit "fac"
set server "172.16.14.9"
set acct-interim-interval 60
set radius-coa enable
config accounting-server
edit 1
set status enable
set server "172.16.14.9"
next
end
next

1906
0 Kudos
Markus_M
Staff
Staff
In response to Akmostafa

Created on ‎08-24-2022 09:07 AM

Hello,

 

please also check this one (that should match the ports you are using):

2022-08-24_18-05-51.png

Best regards,

 

Markus

1896
0 Kudos
Akmostafa
New Contributor III
In response to Markus_M

Created on ‎10-06-2022 02:00 AM

Thank you alot.

It works now.

I have never thought that FAC is listening on a different port rather than 1813.

 

1765
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.