
Fortigate and RADIUS in Azure not connecting

jsnyder2
Level 1

We have a Fortigate and DC running Duo Auth Proxy service in Azure. Setting up the RADIUS in the Fortigate, I can’t seem to get the Connection Status ‘green’. It keeps failing with “Can’t contact RADIUS server”. LDAP binding to the same server on the Fortigate connects fine, and pings go through as well, so it seems like the router can see/contact the server just fine. I’ve tried a new port. I have appropriate server firewall rules in place (also tried with them disabled). I’m almost thinking Azure is blocking it somehow and have tried putting in some inbound/outbound security rules, but either I’m not putting in the correct ones or it just isn’t helping the underlying issue. Has anyone else run across this before?

2 Replies

DuoKristina
Cisco Employee

ICMP pings and LDAP binds usually happen on a different port than RADIUS. Maybe double-check that your Azure FW or security rules allow the RADIUS traffic on UDP port 1812 (or whichever port you may have defined for the RADIUS traffic between the FortiGate and the Authentication Proxy)?

Try a packet capture on the FortiGate to see what is happening to the outbound traffic?

Duo, not DUO.
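
Added example, not part of the thread or of Duo's or Fortinet's tooling: RADIUS runs over UDP, so a working ping or LDAP bind says nothing about port 1812, and the only positive signal is a reply packet. This Python sketch sends one RFC 2865 Access-Request to UDP 1812 and verifies the reply. It assumes the host running it is defined as a RADIUS client on the Authentication Proxy with the same shared secret; the user name and password are constructed dummies.

```python
import hashlib, hmac, os, socket, struct

CODES = {2: "access-accept", 3: "access-reject", 11: "access-challenge"}

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    padded = password.ljust(-(-len(password) // 16) * 16 or 16, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_access_request(ident, user, password, secret, req_auth):
    """Access-Request: Message-Authenticator (RFC 3579), User-Name, User-Password."""
    attrs = struct.pack("!BB", 80, 18) + bytes(16)  # MAC placeholder, filled below
    for attr_type, value in ((1, user), (2, hide_password(password, secret, req_auth))):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    packet = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:22] + mac + packet[38:]

def classify(reply, ident, req_auth, secret):
    """Name a reply, or 'bad-reply' if its ID or Response Authenticator fails."""
    if len(reply) < 20 or reply[1] != ident:
        return "bad-reply"
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return "bad-reply"
    reply = reply[:length]
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "bad-reply"  # shared secret mismatch or unexpected sender
    return CODES.get(reply[0], "other")

def probe(host, secret, port=1812, timeout=3.0):
    """Send one Access-Request with constructed dummy credentials; report the outcome."""
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    packet = build_access_request(ident, b"probe-user", b"constructed-dummy", secret, req_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no-reply"  # dropped on the path, or silently discarded by the server
    return classify(reply, ident, req_auth, secret)
```

Call it as `probe("<proxy-ip>", b"<shared-secret>")`; any verified reply, including `access-reject`, shows that UDP 1812 is open in both directions. `no-reply` is ambiguous on its own, because RFC 2865 servers silently discard requests from clients they hold no shared secret for, so pair it with a packet capture on the server side.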

vmanthe
Level 1

On the Fortigate CLI, in the RADIUS server configuration, you can set the interface and IP address used to send out the RADIUS packets.
You will also need to allow the inbound RADIUS service on the Windows firewall and any inbound policy on the Windows VM, allowed from the Fortigate IP you are sending the RADIUS comms from.
