We have a FortiGate and DC running Duo Auth Proxy service in Azure. Setting up the RADIUS in the FortiGate, I can’t seem to get the Connection Status ‘green’. It keeps failing with “Can’t contact RADIUS server”. LDAP binding to the same server on the FortiGate connects fine, as well as pings go through, so it seems like the router can see/contact the server just fine. I’ve tried a new port. I have appropriate server firewall rules in place (also tried with disabling). I’m almost thinking Azure is blocking it somehow and have tried putting in some inbound/outbound security rules, but I’m either not putting in the correct ones or it just isn’t helping the underlying issue. Anyone else run across this before?
ICMP pings and LDAP binds usually happen on a different port than RADIUS. Maybe double-check that your Azure FW or security rules allow the RADIUS traffic on UDP port 1812 (or whichever port you may have defined for the RADIUS traffic between the FortiGate and the Authentication Proxy)?
Try a packet capture on the FortiGate to see what is happening to the outbound traffic?
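To separate "UDP 1812 is being dropped" from "RADIUS packets arrive but the shared secret is wrong", the following added example (not part of the original thread) sends one RFC 2865 Access-Request and classifies the result. The target address, shared secret and probe user name are placeholders, and the helper names are hypothetical.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 User-Password hiding: XOR 16-byte blocks with an MD5 chain."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, req_auth) -> bytes:
    hidden = hide_password(password, secret, req_auth)
    attrs = bytes([1, 2 + len(user)]) + user          # User-Name (type 1)
    attrs += bytes([2, 2 + len(hidden)]) + hidden     # User-Password (type 2)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def reply_is_authentic(reply, req_auth, secret, ident) -> bool:
    """Check MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    if len(reply) < 20 or reply[1] != ident:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return False
    digest = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(digest, reply[4:20])

def probe(host, secret, port=1812, timeout=5.0) -> str:
    """Send one Access-Request for a constructed user and classify the outcome."""
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    pkt = build_access_request(b"radius-probe", b"not-a-real-password",
                               secret, ident, req_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(pkt, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout, or an ICMP error surfaced by the OS
            return "no-reply"
    if not reply_is_authentic(reply, req_auth, secret, ident):
        return "reply-bad-authenticator"  # packets flow, shared secret differs
    codes = {2: "access-accept", 3: "access-reject", 11: "access-challenge"}
    return codes.get(reply[0], "other")

if __name__ == "__main__":
    # Placeholder address and secret: use the proxy's IP and its configured secret.
    print(probe("192.0.2.10", b"example-shared-secret"))
```

Any reply, including an Access-Reject, shows that the network path and port are open. A "no-reply" result is ambiguous on its own, because RADIUS servers silently discard requests from source addresses they do not have a shared secret for, so run the probe from a host the proxy is configured to accept and compare it with a packet capture on the server side.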