We currently have a Windows Server that not only serves AD, but also Radius and DNS servers, where this server serves other branches, where the FWs are connected via VPN (without significant packet loss, average amount of 0.5%).

However, in one of our branches with high device density (you could say a second head office) we have been facing some difficulties with Wi-Fi connection. Today we use UniFi authentication on the SSID using Radius. However, all DNS and Radius requests are used by the Head Office infrastructure.

I have a theory that perhaps this connection drop is related to the excess of Radius requests or even DNS requests, a number of requests that may be outside the scope of the Windows Server CAL licensing (I do not have this information).

Considering this, I would like to know if it is possible to use Fortigate for DNS queries, but Fortigate should query the DNS addresses on the Head Office Server and store them in an internal database that is updated from time to time, of course. If I'm right, perhaps the problem of Wi-Fi connection failures can be "worked around".

Note that sometimes I need to restart the UniFi antennas so that the WifiRadius network starts accepting authentications. It doesn't seem to be a fault in the antenna, since other SSIDs that don't have a radius continue to work normally.