Hi,
I am trying to authenticate the passive firewall via Radius for management purposes. I have setup as per "Active-passive with external and internal Azure load balancer (LB)".
Active and passive firewall has dedicated HA management interface configured with dedicated ip
active firewall and passive firewall have the same radius server configured . On my radius server I have two clients. One is the active firewall and the other for the passive.
I can authenticate the active firewall without any issues on its ha management ip. However, the passive firewall was not authenticating with its its ha management ip. But strangely it started to authenticate with its HA management ip.
Is this possible?
The RADIUS server does not ping from passive ha management interface. Routing table is blank on Passive firewall that means no reverse route to RADIUS server, also in GUI the RADIUS server connection status is " Error checking RADIUS connectivity"
When I check logs on RADIUS server, no logs are shown for passive firewall login.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Does the HA configuration include "set ha-direct enable" like shown in this section of the guide?
By default, management services such as FortiCloud, FortiSandbox, SNMP, remote logging, and remote authentication, use a cluster interface. This means that communication from each cluster unit will come from a cluster interface of the primary unit, and not from the individual cluster unit's interface.
"set ha-direct enable" is not included in HA configuration.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.