Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
chethan
Contributor

FortiGate RADIUS Server Connectivity issue

Hello Everyone,

 

 From past couple of days we are facing this issue with FortiAuthenticator (RADIUS Server) Connection Status issue.

The connection status keeps on loading.

 

[ul]
  • The server secret is correct.
  • Can ping FortiAuthenticator from FortiGate.
  • Single factor authentication is working for remote RADIUS users.
  • FortiToken 2FA for remote RADIUS users is not working.
  • It was working before 4 days, no configuration was changed in between.[/ul]

    *Image Attached for reference* 

     

    Issue Resolving Urgency is high.

     

    Thank you.

     

     

  • Chethan
    NSE 4
    ChethanNSE 4
    11 REPLIES 11
    chethan

    Hello,

     

    EDIT:

    The issue is resolved now, The problem was with an intermediate firewall blocking the return traffic even though required ports are open and routes are properly configured on it and no configuration change was made on this device as well from the day of deploying Fortinet appliance (This 2FA service was stopped working all of a sudden). Now the network is redesigned to have directly connected routes from FortiGate to FortiAuthenticator.

     

    No, Asymmetric Routing was never in place.

     

    Thank you so much.

     

     

    Chethan
    NSE 4
    ChethanNSE 4
    xsilver_FTNT

    Hi emnoc,

    AFAIK there is NO CLI on FAC side to login in as user. Admins only.

    However there is GUI, which allows user logons and based on user class shows either admin GUI or user GUI.

     

    But, if your problem is from FGT to FAC, then I would keep testing from FGT CLI (I believe I posted cli command earlier). Because that's the intended client and such test will pass the same path through FAC. As GUI access has different settings and policies then RADIUS NAS client. And you need to test how requests from NAS will be handled.

     

    Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
    AAA, MFA, VoIP and other Fortinet stuff

    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors