Hello all,
I have a problem, probably in connection with my FortiGate 100F, establishing a RadSec TLS 1.3 connection from a UniFi AC Pro AP to an external RadSec server (RADIUS). The connection is made via a Ubiquiti UniFi AC Pro AP and Ubiquiti UniFi Application 8.5.6, and RadSec is officially supported.
The connection via RADIUS works, but as soon as I activate TLS for this connection with the required certificates (root, client, private key), no connection is established.
In the log files I do not actually see that the connection is blocked. The only thing I see is action="close" - what does this mean?
When I add the external IP in my exclusion list from my SSL Deep Inspection, I can't connect either.
Even if I temporarily deactivate IPS, SSL and App Control, I cannot establish a connection.
I can establish a telnet connection to the RadSec server from the FortiGate and from the UniFi AC Pro AP. However, this is terminated immediately:
date=2024-10-21 time=13:42:13 eventtime=1729510933581869890 tz="+0200" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=192.168.10.237 srcport=58594 srcintf="VLAN10" srcintfrole="lan" dstip=206.xxx.xxx.xxx dstport=2083 dstintf="wan1" dstintfrole="wan" srccountry="Reserved" dstinetsvc="DigitalOcean-DigitalOcean.Platform" dstcountry="Netherlands" dstregion="North Holland" dstcity="Amsterdam" dstreputation=4 sessionid=16267522 proto=6 action="close" policyid=2 policytype="policy" poluuid="b08ab9d0-cf8b-51ec-7409-582ae59457cf" policyname="VLAN10 -> WAN" service="DigitalOcean-DigitalOcean.Platform" trandisp="snat" transip=xx.xx.xx.xx transport=58594 appid=47013 app="SSL_TLSv1.3" appcat="Network.Service" apprisk="medium" applist="block-high-risk" appact="detected" duration=2 sentbyte=1015 rcvdbyte=4293 sentpkt=11 rcvdpkt=8 sslaction="exempt-addr" utmaction="allow" countapp=2 countssl=1 srchwvendor="Ubiquiti" mastersrcmac="d0:xx:xx:xx:xx:xx" srcmac="d0:xx:xx:xx:xx:xx" srcserver=0 utmref=16267522:1729510934
What else could cause a problem here?
Thanks
fabs
Hello Fabs,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello Fabs
I'm not a TLS specialist, but I still see some issues with TLS 1.3 in forums, "probably" due to its new implementation on some devices.
Is there any reason you use 1.3? If not, you may try with 1.2 which is still very secure.
Hello,
unfortunately I can't control that, as soon as I activate TLS settings in Ubiquiti UniFi, it will probably be sent in TLS 1.3.
"action=close" means the session was allowed, some traffic passed, and then the session was closed.
As you can see ("sentpkt=11 rcvdpkt=8"), there were 11 and 8 packets sent in the two directions.
Are you willing to share a pcap of that exchange to have a look at it in detail?
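To make the reading of that log line repeatable, here is a small parser for the FortiGate key=value traffic-log format quoted in this thread, with the triage rule the reply above implies (action=close plus packets in both directions means the policy passed the session and an endpoint closed it). This is an added example, not code from the thread or from Fortinet; the sample line is constructed with masked addresses, and the verdict labels are my own naming.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the FortiGate traffic log line quoted above
# (fields trimmed, destination replaced with a documentation address).
SAMPLE_LOG = (
    'date=2024-10-21 time=13:42:13 type="traffic" subtype="forward" '
    'srcip=192.168.10.237 srcport=58594 dstip=203.0.113.10 dstport=2083 '
    'proto=6 action="close" policyid=2 policyname="VLAN10 -> WAN" '
    'app="SSL_TLSv1.3" appact="detected" duration=2 sentbyte=1015 '
    'rcvdbyte=4293 sentpkt=11 rcvdpkt=8 sslaction="exempt-addr" '
    'utmaction="allow"'
)

# key=value pairs; quoted values may contain spaces (e.g. policyname="VLAN10 -> WAN")
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Parse one FortiGate key=value log line into a dict of unquoted strings."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV.finditer(line)}


def triage_session(fields: Dict[str, str]) -> Tuple[str, List[str]]:
    """Classify a forward-traffic record: did the firewall drop the session,
    or did it pass traffic that an endpoint then closed?  Returns (verdict, notes)."""
    action = fields.get("action", "")
    sent, rcvd = int(fields.get("sentpkt", 0)), int(fields.get("rcvdpkt", 0))
    notes: List[str] = []
    if fields.get("sslaction") == "exempt-addr":
        notes.append("destination exempted from SSL inspection; TLS was not proxied")
    if fields.get("appact") == "block":
        notes.append(f"application control blocked app={fields.get('app')}")
    # Verdict labels below are this example's own naming, not FortiGate terms.
    if fields.get("utmaction", "allow") != "allow":
        return "utm-intervened", notes + [f"utmaction={fields['utmaction']}"]
    if action == "deny":
        return "denied", notes + ["policy denied the session; nothing forwarded"]
    if action == "close" and sent and rcvd:
        return "passed", notes + [
            f"session allowed, {sent} packets out / {rcvd} packets in, then closed "
            "by an endpoint; look at the TLS handshake, not the firewall policy"]
    if action == "close" and not rcvd:
        return "no-reply", notes + ["allowed, but nothing came back; check routing/server"]
    return "unknown", notes + [f"action={action!r} not classified here"]
```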
Hi @pminarik
Thank you for your reply. How can I share the pcap file here in the community, since there is no attachment function?
It should be there.
"Drag and drop here or browse files to attach" right below the text box.
hm this is weird, the drag and drop box is not visible
Maybe there's different permission levels that I have not been aware of.
Anyway, you can try some third-party temporary file storage, or go through a support ticket (safer).