Hello all,
I have a problem, probably in connection with my FortiGate 100F, establishing a RadSec TLS 1.3 connection from a UniFi AC Pro AP to an external RadSec server (RADIUS). The connection is made via a Ubiquiti UniFi AC Pro AP and Ubiquiti UniFi Application 8.5.6, and RadSec is officially supported.
The connection via RADIUS works, but as soon as I activate TLS for this connection with the required certificates (root, client, private key), no connection is established.
In the log files I do not actually see that the connection is blocked. The only thing I see is action="close". What does this mean?
When I add the external IP to the exclusion list of my SSL Deep Inspection, I can't connect either.
Even if I temporarily deactivate IPS, SSL and App Control, I cannot establish a connection.
I can establish a telnet connection to the RadSec server from the FortiGate and from the UniFi AC Pro AP. However, this is terminated immediately.
date=2024-10-21 time=13:42:13 eventtime=1729510933581869890 tz="+0200" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=192.168.10.237 srcport=58594 srcintf="VLAN10" srcintfrole="lan" dstip=206.xxx.xxx.xxx dstport=2083 dstintf="wan1" dstintfrole="wan" srccountry="Reserved" dstinetsvc="DigitalOcean-DigitalOcean.Platform" dstcountry="Netherlands" dstregion="North Holland" dstcity="Amsterdam" dstreputation=4 sessionid=16267522 proto=6 action="close" policyid=2 policytype="policy" poluuid="b08ab9d0-cf8b-51ec-7409-582ae59457cf" policyname="VLAN10 -> WAN" service="DigitalOcean-DigitalOcean.Platform" trandisp="snat" transip=xx.xx.xx.xx transport=58594 appid=47013 app="SSL_TLSv1.3" appcat="Network.Service" apprisk="medium" applist="block-high-risk" appact="detected" duration=2 sentbyte=1015 rcvdbyte=4293 sentpkt=11 rcvdpkt=8 sslaction="exempt-addr" utmaction="allow" countapp=2 countssl=1 srchwvendor="Ubiquiti" mastersrcmac="d0:xx:xx:xx:xx:xx" srcmac="d0:xx:xx:xx:xx:xx" srcserver=0 utmref=16267522:1729510934
What else could cause a problem here?
Thanks
fabs
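Added example, not part of the original post: a small Python parser for the key=value traffic log quoted above. It pulls out the fields that show whether the firewall interfered with the session (action, utmaction, sslaction, byte counts). The function names and the interpretation of field values are assumptions based on FortiOS traffic-log conventions, and the sample line is a trimmed copy of the log in the post.

```python
import re

# Constructed sample: the traffic log from the post, trimmed to the fields used here.
SAMPLE = (
    'date=2024-10-21 time=13:42:13 type="traffic" subtype="forward" '
    'srcip=192.168.10.237 dstport=2083 proto=6 action="close" policyid=2 '
    'policyname="VLAN10 -> WAN" app="SSL_TLSv1.3" appact="detected" duration=2 '
    'sentbyte=1015 rcvdbyte=4293 sentpkt=11 rcvdpkt=8 '
    'sslaction="exempt-addr" utmaction="allow"'
)

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_kv(line):
    """Parse one FortiGate key=value log line into a dict of strings."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PAIR.finditer(line)}


def triage(f):
    """Summarise whether the log shows the firewall interfering with the session.

    Value meanings are assumptions based on FortiOS traffic-log conventions.
    """
    action = f.get("action", "")
    return {
        # "deny" means blocked by policy; other values say how an allowed session ended.
        "blocked_by_policy": action == "deny",
        "ended_by": action,
        # True only if a UTM profile (IPS, app control, ...) did something other than allow.
        "utm_blocked": f.get("utmaction", "allow") not in ("allow", ""),
        # Values starting with "exempt" indicate SSL deep inspection was bypassed.
        "ssl_exempt": f.get("sslaction", "").startswith("exempt"),
        # Bytes in both directions: the exchange reached the server and got replies.
        "two_way_traffic": int(f.get("sentbyte", 0)) > 0 and int(f.get("rcvdbyte", 0)) > 0,
    }


if __name__ == "__main__":
    for key, value in triage(parse_kv(SAMPLE)).items():
        print(f"{key}: {value}")
```

For a session that the policy allowed, that UTM did not block and that was exempt from SSL inspection with traffic in both directions, the next place to look is the TLS exchange itself, for example a packet capture on the RadSec server side.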