Client laptop has a cert issued by Microsoft AD (via Intune) the Trusted CA has been imported to the FAC 6.6.0 as per this video:
EAP-TLS Authentication with FortiAuthenticator | Identity and Access Management
The fortigate is set to use the FAC / WPA2 Enterprise as per the instructions, everything is configured as per the fortinet website, but nothing gets sent to the FAC (other traffic using SSL VPN is fine, so its not a connection issue)
Running debugs and logs on both the FAC and the Gate, the EAP-TLS request is not even reaching the FAC,
Fortigate logs show:
2024-11-06 15:09:28 05768.944 70:32:17:11:01:7a <eh> IEEE 802.1X (EAPOL 14B) ==> 70:32:17:11:01:7a ws (0-10.16.152.100:5246) rId 0 wId 1 38:c0:ea:a0:d0:81 2024-11-06 15:09:28 05768.974 70:32:17:11:01:7a <eh> IEEE 802.1X (EAPOL 5B) <== 70:32:17:11:01:7a ws (0-10.16.152.100:5246) rId 0 wId 1 38:c0:ea:a0:d0:81 2024-11-06 15:09:28 05768.974 70:32:17:11:01:7a <eh> recv IEEE 802.1X ver=1 type=1 (EAPOL_START) data len=0
Which show a pattern link below
auth-req
auth-resp
reassoc-req
reassoc-resp
client-disconnected
This then repeats, client machine shows the same sort of log, I have configured and had it checked by TAC, and still cannot get this simple connection working, any help from here is appreciated,
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1647 | |
1070 | |
751 | |
443 | |
214 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.