Hi AEK,

Thanks for your reply there is I can ping to my FortiAuthenticator but cannot see any radius request is coming from RHEL Server.

I think that RHEL has some restrictions and I have no idea how can I resolve this.

Could you please advise?

Thanks,

Leo

Hi Leo

• Is there a firewall between your RHEL and FAC? If so the check if the RADIUS traffic is allowed, and check if the firewall can actually see this traffic
• Check if RHEL's firewall is blocking the RADIUS traffic
• Use tcpdump on your RHEL to see if the RADIUS requests are actually being sent from your RHEL. Also check if they are sent from the right server port and with the right source IP and destination IP

Once you share the result we may help further.

Hello AEK,

Yes there have FortiGate firewall between RHEL and FortiAuthenticator,

There is we didn't see any radius traffic is hitting to firewall from RHEL server that assume that RHEL itself cannot send radius traffic to outside.

That's why I have no idea how can I check for any require permission on that.

Thanks,

Leo 

Then do you see the traffic is sent when you run "tcpdump -i any port 1812" on the RHEL server? If yes then do you see it sent from the right server port and with the right source IP?

Hello AEK,

There is I saw eth0  Out IP ip-10-xx-xx-xx.abc.com.58544 > 10.xx.xx.xx.radius: [|radius]

There is correct source ip and destination ip but I don't know what is 58544 and it is dynamic port or what I am not sure.

Thanks,

Leo

Port 58544 is a dynamic port because it is client port.

The RADIUS query seems to be generated correctly on the server.

On RHEL server try check if the local firewall (firewalld) is allowing the RADIUS packet to leave the server.

Also try double-check if the RADIUS query is reaching your firewall, using "diag sniffer" command.