amitrohilla07
New Contributor II

Authentication Failure Radius Server showing Can't contact radius server

Hello Team,

 

We have an HA device, and both devices are logged in to via a RADIUS server. However, we are facing an issue with the secondary firewall: we are not able to log in and it shows Authentication Failure, but on the primary firewall we are able to log in without any issue. As of now, the workaround we are using is to reboot the secondary firewall, and after that it works fine, but after a couple of days the issue arises again, showing Authentication Failure. We tried to use set source-ip but nothing worked; the only solution we can afford as of now is a REBOOT.

 

Can you please look into this serious issue?

 

Thanks

1 Solution
amitrohilla07
New Contributor II

Fortinet has officially confirmed this is a known bug affecting all FortiGate devices. The issue is recorded with engineering and is expected to be resolved in version 7.4.9, scheduled for release in September 2025.

Current Workaround

  1. Log in to the secondary FortiGate using admin credentials.
  2. Identify the PID of the fnbamd process by running:
    diagnose sys process pidof fnbamd
  3. Kill the process using:
    diagnose sys kill 11 <PID>
    Replace <PID> with the actual process ID (e.g., 2456). Please note the PID changes every time, so please check the PID first before running the kill command.

9 REPLIES 9
funkylicious
SuperUser

hi,

are you using radius for FGT management / admin access or for remote access for users?

"jack of all trades, master of none"
amitrohilla07

We are using it for firewall management / admin access. We only face this issue when we try to log in to the secondary firewall. The primary firewall works fine and we are able to access it via RADIUS authentication.

funkylicious

do you manage them via an in-band/out-band management ip address and is that ip address/source-ip configured on the radius server as a client ?

what do the logs say on the radius server when trying to access the 2nd device ?

"jack of all trades, master of none"
amitrohilla07

In-band management IP of the LAN interface, and the same IP is configured as a client in the RADIUS server. I tried a packet capture but no traffic was found in the pcap. I only saw 169.254.1.2 IP communication.

funkylicious

that's strange.

i am using a similar setup with FortiAuth as radius server and I can log in to both devices using the in-band ip address and my username+pwd+token (as defined in the radius policy). in there i can see the source ip, the cluster ip address and not the individual/in-band management

"jack of all trades, master of none"
amitrohilla07
New Contributor II

Hello Team,


Can someone please look into this? We can discuss this issue; it is occurring on many devices like FortiGate 100F, 200F and many more. The RADIUS server we have is Cisco ISE.

funkylicious

hi,

this is a best effort forum type of help that anyone here can provide, based on experience and encountered situations.

 

if the matter is urgent, i would suggest opening a Fortinet TAC case and they will do their best to help resolve your issue.

"jack of all trades, master of none"
Markus_M
Staff & Editor

A shorter way, fewer commands:
fnsysctl killall -11 fnbamd
Do you have that bug ID?

- Markus