Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TheOnlyJames
New Contributor III

EAP-TLS request not reaching FAC

Client laptop has a cert issued by Microsoft AD (via Intune) the Trusted CA has been imported to the FAC 6.6.0 as per this video:

EAP-TLS Authentication with FortiAuthenticator | Identity and Access Management

The fortigate is set to use the FAC / WPA2 Enterprise as per the instructions, everything is configured as per the fortinet website, but nothing gets sent to the FAC (other traffic using SSL VPN is fine, so its not a connection issue)

 

Running debugs and logs on both the FAC and the Gate, the EAP-TLS request is not even reaching the FAC, 

 

Fortigate logs show:

2024-11-06 15:09:28 05768.944 70:32:17:11:01:7a <eh> IEEE 802.1X (EAPOL 14B) ==> 70:32:17:11:01:7a ws (0-10.16.152.100:5246) rId 0 wId 1 38:c0:ea:a0:d0:81 2024-11-06 15:09:28 05768.974 70:32:17:11:01:7a <eh> IEEE 802.1X (EAPOL 5B) <== 70:32:17:11:01:7a ws (0-10.16.152.100:5246) rId 0 wId 1 38:c0:ea:a0:d0:81 2024-11-06 15:09:28 05768.974 70:32:17:11:01:7a <eh> recv IEEE 802.1X ver=1 type=1 (EAPOL_START) data len=0

 

Which show a pattern link below

auth-req

auth-resp

reassoc-req

reassoc-resp

client-disconnected

 

This then repeats, client machine shows the same sort of log, I have configured and had it checked by TAC, and still cannot get this simple connection working, any help from here is appreciated,

0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors