Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
franz
New Contributor

Send logout message to the server RADIUS

Hello guys, i' ve configured my fortinet for the vpn ssl/ipsec with RADIUS in ActiveDirectory, i noticed that in the log file of the server RADIUS the are present only the login messages without logout, it' s possible send also the notification for the logout? It' s possible also give the possibility to the users to change the password when it expired? Franz
6 REPLIES 6
emnoc
Esteemed Contributor III

What you need is radius accounting. AFAIK, fortigates still don' t do radius accounting. This is why you don' t have session counts information.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
franz
New Contributor

I' m using the radius account in my fortinet, and i receive a message when an user connecting in the vpn, i copy and paste an example: " DC02" ," IAS" ,06/04/2014,10:20:21,1," user" ," OU/User OU/User" ,," 192.168.x.x" ,,," FGTFirewall" ,,16,0," 10.111.50.2" ," FortigateVDOM" ,,,," vpn-ssl" ,,,4," FortigateVDOM" ,0," 311 1 ::1 05/29/2014 21:57:45 220" ,,,,,,,,," 00000513" ,,,,,,,,,,,,,,,,,,,,,,,,," FortigateVDOM" ,1,,,, I would like receive a message also when an user disconnecting from the vpn....I hope I have been clear. Franz
emnoc
Esteemed Contributor III

That' s message in fortinet syslog/local-log right? AFAIK, fortigate don' t send radius-acct information to 1646 or 1813/udp. This is why you don' t have session-stop accounting information. Search for the fortigate port uses charting; http://kb.fortinet.com/kb/viewContent.do?externalId=10773

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
franz
New Contributor

This is the log in the domain controller where the radius is configured, i tried to check in the kb but without success :/ thanks for your time
emnoc
Esteemed Contributor III

FWIW The current beta release has raddius-acct as a feature, and is controlled per interface. I have played around with nor see a means for changing the radius-acct port ( 1813 vrs 1646 )

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
franz
New Contributor

So if i understand well, when will be release the next firmware 5.0.8 , the feature will be available? Thanks
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors