I'm trying to set up RADIUS authentication for FortiClient VPN connections towards two Windows domain controllers. I have two of them - the BDC is on-premises and the PDC is in AWS (connected through a VPN tunnel).
The connection towards the BDC is fine. This is the primary authentication server.
When trying to test the connection from the FortiGate towards the AWS instance, I see that the connection is made from the tunnel interface IP. The connection fails, because I have not created any routing and security group inbound rules for the interface IPs in AWS. Is there any way to make the FortiGate send the RADIUS request from the LAN interface IP? That would make the rules much simpler.