Hello,
I have a problem with the Radius connection my Fortigate and my fortiauthenticator.
Last night the security team updated Fortigate to version 7.4.5 since users can no longer connect via VPN.
When I go to configuration I get this message
I checked the secret carefully and they are identical so I don't understand. The fortigate and the fortiauthenticator communicate well with each other however.
Do you have any ideas?
Thanks
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @rbenoit ,
Could you please upgrade your FAC to version 6.6.2 if it is Older version as we have an some enhancement made with version 7.4.5 of FortiOS as a fix for the CVE-2024-3596 and FAC should be on 6.6.2 or above to support this change. If you need more details, you may open a support case.
Best Regards,
San
You got me going in the right direction man, thank you! I'm running 7.2.10 and per this bulletin: https://help.duo.com/s/article/9012?language=en_US
I added this attribute to radius server config and boom!
[radius_server_auto]
<snip>
force_message_authenticator=true
I've contacted Duo support and they said unfortunately the new CVE requirements are not yet compatible with the Duo Authentication Proxy. They've escalated the case to developers. They said my options now were to reach out to Fortigate to disable the new requirement or revert back to previous Firmware; I could also use Duo SSO rather than RADIUS. I'm waiting for a call from Fortigate.
I went through the Duo SSO for Fortigate setup article yesterday and got it working for myself but others received errors when trying to connect. The SSO / SAML setup also requires a change on the client (checking the SSO box). I wanted to avoid having to change all of the clients, so I ended up just removing the RADIUS Duo Auth Proxy Remote Group and went back to just authenticating with an AD group for the Duo SSL VPN group on the FortiGate for the time being until I can get SSO working. I really wish Duo would fix the Auth Proxy, but I seriously doubt they will.
I didn't want to rush into configuring Duo SSO so we reverted back to 7.4.4 and the vpn is working now. We'll either configure Duo SSO or see if Duo has a fix for the Duo Authenticator Proxy. Thanks.
Hi,
Please refer to this KB: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-RADIUS-authentication-failure-after-...
Put me in the ME TOO category.
Hi,
Same here...
I had a support ticket because of issues with VPN firewall rules.
They told us to upgrade the FTG to 7.4.5... and know I discover that Radius is no more working with Duo ??
Very interesting, do the support knows the ongoing issues when they advice someone to upgrade their FTG ? Because if they did know that I hope they wouldn't tell us to upgrade as now the VPN is no more working at all...
We are using Forti since now 6 months (after Zyxel)), and to be honest, there are a lot, I mean A LOT of issues... this is really not nice to work with you guys... There are always issues with your firmwares. We upgrade to fix an issue and TADA a new issue now.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.