Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate SSID tunnel and Windows RADIUS

Hi Everyone,


I'm having some issues with the Radius authentication on Fortigate 40F.

My configuration is:


Aggregate interface (dedicated to fortiswitch) with the following subinterfaces:

Vlan 4 "Server" ( 

Vlan 3 "Wifi" (

Vlan 2 "Clients"  (


WIFI SSID Vlan 5 -tunnel mode ( DHCP to wireless clients.


Firewall policies: all "allow" for testing


Managed fortiswitch ports:

Port 21 to the test AP: native vlan 3 allowed vlan 5

Port 22 to Windows server: native vlan 4

Port 24 to the Fortigate: all vlan allowed.


RADIUS SERVER configured with (Windows Server) and added to the SSID (with the same secret)


Windows NPS configured with:  ( Fortigate subint vlan4) as RADIUS client (???)

Network connection rules for Active directory users ( same server)

Authentication methods EAP and msCHAP 2


Connection test and user auth test from Fortigate give me a success but when i connect to the SSID and try to auth with the same credentials it fails  with "impossible to connect" or " mismatch in auth methods"


Am i missing something?






Kindly confirm in the NPS server ,In Constraints tab, under Authentication Methods, did you have selected  Microsoft: Protected EAP (PEAP)  with certificate as shown in the image.


If you still getting the issue while connecting to SSID, Kindly run the below sniffer logs and check the radius is server is responding when you are connecting via the SSID.


diagnose sniffer packet any 'host x.x.x.x' 6 0 l ---where x.x.x.x is the radius server IP address.










Top Kudoed Authors