Hello everyone,
This morning we had a situation at the office.
We have a FortiGate 80F at the office.
So here’s what happened: we have VPN configured with MFA through an NPS server in Azure.
There’s a Site-to-Site (S2S) connection between On-Prem and Azure VNET.
This morning, the local Active Directory (AD) server went down, so the VPN couldn’t connect — even though we also have AD in Azure, which is accessible from On-Prem.
But we have the LDAP server configured to use the local AD.
So the question is:
Is the RADIUS server (configured on FortiGate) dependent on the LDAP server that is also configured on FortiGate?
Thank you in advance!
Hi @shree083
By default, when there is a request toward the FGT, the FGT will first check the local user database; then, if the user is not found there, it will check whichever server replies first, LDAP or RADIUS, and then proceed to authenticate the user. So you have to make sure that you do not have the same LDAP server configured locally on the FGT while the RADIUS server also uses the same LDAP server on the other side, or you have to be careful when selecting user groups in the FGT or when using realms to match the correct one.
You said "NPS server in Azure". Therefore I assume the FGT's RADIUS server connection needs to reach the NPS over the VPN. Then, if the tunnel is not up, the FGT can't get to the NPS RADIUS proxy.
Toshi
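To make the dependency visible, here is an added FortiOS CLI example (not from the thread's authors) that keeps the VPN user group bound to the RADIUS server only, so the VPN authentication path does not reference the local LDAP object, and then checks each path separately. Server names, addresses and the test user are assumptions chosen for illustration.

```fortios
# Local AD reached directly (assumed address 10.0.0.10)
config user ldap
    edit "local-ad"
        set server "10.0.0.10"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=local"
        set type regular
        set username "cn=svc-fgt,cn=users,dc=example,dc=local"
        set password <ldap-bind-password>
    next
end

# NPS in Azure, reachable only through the S2S tunnel (assumed 10.1.0.20)
config user radius
    edit "azure-nps"
        set server "10.1.0.20"
        set secret <radius-shared-secret>
    next
end

# The VPN group lists only the RADIUS server: the FGT will not consult
# "local-ad" for members of this group, so a local AD outage does not
# block the RADIUS (MFA) path. The NPS itself still needs its own AD.
config user group
    edit "vpn-users"
        set member "azure-nps"
    next
end

# Checks (assumed test account): each path is exercised on its own
execute ping 10.1.0.20
diagnose vpn tunnel list
diagnose test authserver radius azure-nps pap testuser <password>
diagnose test authserver ldap local-ad testuser <password>
```

If the RADIUS test succeeds while the LDAP test fails, the VPN failure is not caused by the LDAP object on the FGT; if the ping over the tunnel fails, the NPS is unreachable regardless of group configuration.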