rsso-context-timeout: Timeout value, in seconds, for RADIUS server database entries (0 = infinite, i.e. an entry is removed only by an accounting Stop).
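rsso-flush-ip-session: Enable/disable flushing of the user's IP sessions when a RADIUS accounting Stop is received. With this option disabled, the outputs below show the existing firewall session still listed after the RSSO entry has been removed; with it enabled, the session list is empty after the Stop.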
config system interface
edit "mgmt1"
set vdom "root"
set ip 10.134.3.56 255.255.240.0
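set allowaccess ping https ssh http telnet radius-acct (radius-acct makes this interface listen for RADIUS accounting packets; http and telnet are cleartext management protocols that RSSO does not need and should be left off outside a lab)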
set type physical
set role lan
set snmp-index 12
next
end
config system interface
edit "port1/1"
set vdom "root"
set ip 10.5.19.56 255.255.240.0
set allowaccess ping https ssh snmp http telnet
set type physical
set snmp-index 1
next
end
config router static
edit 1
set gateway 10.5.31.254
set device "port1/1"
next
end
config user radius
edit "RadiusRsso"
set rsso enable
set rsso-secret ENC F7bLsgPVrWICS5RHAo+TGsVTiPMGvhPlZRGmfghV7mU+xHhM0hoTljQQWWwvD10NXrcv84owjyenbS4PxOZxqHnKLP+6xDRHmgKdiIJz3n5hgm2EUET
2XokE3bftmqBc/mRYFJgEUrTm8JUxw/asoDT6O1bP9AiRYtIdAV+c1Lo7OfZ2jIE19WpA/UadeN2qYxazXw==
set rsso-context-timeout 120 (2 minutes, for test purposes – the default value is 28800 seconds, or 8 hours, in 5.4.2)
next
end
config user group
edit "SSO_Guest_Users"
next
edit "Guest-group"
set member "guest"
next
edit "Group0"
set group-type rsso
set sso-attribute-value "Group0"
next
edit "Group1"
set group-type rsso
set sso-attribute-value "Group1"
next
edit "Group2"
set group-type rsso
set sso-attribute-value "Group2"
next
end
config firewall policy
edit 1
set uuid cfdcb6b4-bb08-51e6-8df6-946f5b8bb2aa
set srcintf "mgmt1"
set dstintf "port1/1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "DNS"
set nat enable
next
edit 2
set uuid d04476c8-bb08-51e6-71e7-a00a58ac0b91
set srcintf "mgmt1"
set dstintf "port1/1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "SSH"
set utm-status enable
set logtraffic all
set groups "Group0"
set nat enable
next
edit 3
set uuid d0d0d9ec-bb08-51e6-4b8c-f71e885838ff
set srcintf "mgmt1"
set dstintf "port1/1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "HTTP"
set utm-status enable
set logtraffic all
set groups "Group1"
set nat enable
next
end
FG-5KD3915xxxxxx # diagnose test application radiusd 33
2016-12-07 10:50:20 RADIUS server database [vd root]:
2016-12-07 10:50:20 ** no entries **
2016-12-07 10:50:20
FG-5KD3915xxxxxx # diagnose debug application radiusd -1
FG-5KD3915xxxxxx # dia debug enable
FG-5KD3915xxxxxx # diagnose sniffer packet mgmt1 "port 1813" 6
interfaces=[mgmt1]
filters=[port 1813]
2016-12-07 10:51:57 Received radius accounting event11.814318 mgmt1 -- 10.134.9.230.53279 -> 10.134.3.56.1813: udp 59
vd 0:root Add/Update auth logon for IP 10.134.9.208 for user 33471995584
0x0000 085b 0ecc 31ec 0050 5601 671e 0800 4500 .[..1..PV.g...E.
0x0010 0057 69fc 0000 8011 ae70 0a86 09e6 0a86 .Wi......p......
0x0020 0338 d01f 0715 0043 1753 0415 003b b117 .8.....C.S...;..
0x0030 11be 9b6e a79c 388e 7c43 f5c6 871e 2806 ...n..8.|C....(.
0x0040 0000 0001 2c06 3330 3536 1908 4772 6f75 ....,.3056..Grou
0x0050 7030 1f0d 3333 3437 3139 3935 3538 3408 p0..33471995584.
0x0060 060a 8609 d0 .....
2016-12-07 10:51:57 DB 0 insert [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
^C
1 packets received by filter
0 packets dropped by kernel
FG-5KD3915xxxxxx # diagnose test application radiusd 33
2016-12-07 10:52:07 RADIUS server database [vd root]:
2016-12-07 10:52:07 "index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
2016-12-07 10:52:07 1,1481104317,00:01:50,"10.134.9.208","33471995584","allow","no log","Group0",1,No
2016-12-07 10:52:07
FG-5KD3915xxxxxx # diagnose test application radiusd 33
2016-12-07 10:53:54 RADIUS server database [vd root]:
2016-12-07 10:53:54 "index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
2016-12-07 10:53:54 1,1481104317,00:00:03,"10.134.9.208","33471995584","allow","no log","Group0",1,No
2016-12-07 10:53:54
FG-5KD3915xxxxxx # 2016-12-07 10:53:58 DB 0 remove IP entry [ep='33471995584' pg='Group0' ip='10.134.9.208'] timeout
2016-12-07 10:53:58 vd 0:root Remove auth logon for IP 10.134.9.208 for user 33471995584
FG-5KD3915xxxxxx # diagnose test application radiusd 33
2016-12-07 10:54:39 RADIUS server database [vd root]:
2016-12-07 10:54:39 ** no entries **
2016-12-07 10:54:39
FG-5KD3915xxxxxx # diagnose test application radiusd 33
2016-12-07 11:12:17 RADIUS server database [vd root]:
2016-12-07 11:12:17 ** no entries **
2016-12-07 11:12:17
FG-5KD3915xxxxxx # diagnose sniffer packet mgmt1 "port 1813" 6
interfaces=[mgmt1]
filters=[port 1813]
2016-12-07 11:12:31 Received radius accounting event10.098152 mgmt1 -- 10.134.9.230.55827 -> 10.134.3.56.1813: udp 59
0x0000 085b 0ecc 31ec 0050 5601 671e 0800 4500 .[..1..PV.g...E.
0x0010 0057 6b0d 0000 8011 ad5f 0a86 09e6 0a86 .Wk......_......
0x0020 0338 da13 0715 0043 8645 0416 003b 2ff4 .8.....C.E...;/.
0x0030 2c14 d2f2 9d3d 7fd2 ba5c 3640 8208 2806 ,....=...\6@..(.
0x0040 0000 0001 2c06 3330 3536 1908 4772 6f75 ....,.3056..Grou
0x0050 7030 1f0d 3333 3437 3139 3935 3538 3408 p0..33471995584.
0x0060 060a 8609 d0 .....
2016-12-07 11:12:31 DB 0 insert [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
^C
1 packets received by filter
0 packets dropped by kernel
FG-5KD3915xxxxxx # diagnose test application radiusd 33
2016-12-07 11:12:38 RADIUS server database [vd root]:
2016-12-07 11:12:38 "index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
2016-12-07 11:12:38 1,1481105551,00:01:53,"10.134.9.208","33471995584","allow","no log","Group0",1,No
2016-12-07 11:12:38
FG-5KD3915xxxxxx # diagnose test application radiusd 33
2016-12-07 11:13:22 RADIUS server database [vd root]:
2016-12-07 11:13:22 "index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
2016-12-07 11:13:22 1,1481105551,00:01:09,"10.134.9.208","33471995584","allow","no log","Group0",1,No
2016-12-07 11:13:22
FG-5KD3915xxxxxx # diagnose test application radiusd 33
2016-12-07 11:13:43 RADIUS server database [vd root]:
2016-12-07 11:13:43 "index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
2016-12-07 11:13:43 1,1481105551,00:00:48,"10.134.9.208","33471995584","allow","no log","Group0",1,No
2016-12-07 11:13:43
FG-5KD3915xxxxxx # diagnose sniffer packet mgmt1 "port 1813" 6
interfaces=[mgmt1]
filters=[port 1813]
2016-12-07 11:13:58 Received radius accounting event2016-12-07 11:13:58 7.334169 mgmt1 -- 10.134.9.230.54721 -> 10.134.3.56.1813: udp 59
DB 0 update [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
0x0000 085b 0ecc 31ec 0050 5601 671e 0800 4500 .[..1..PV.g...E.
0x0010 0057 6b18 0000 8011 ad54 0a86 09e6 0a86 .Wk......T......
0x0020 0338 d5c1 0715 0043 af3f 0417 003b 7169 .8.....C.?...;qi
0x0030 5175 f232 7373 943a 0519 f64e e1dd 2806 Qu.2ss.:...N..(.
0x0040 0000 0003 2c06 3330 3536 1908 4772 6f75 ....,.3056..Grou
0x0050 7030 1f0d 3333 3437 3139 3935 3538 3408 p0..33471995584.
0x0060 060a 8609 d0 .....
^C
1 packets received by filter
0 packets dropped by kernel
FG-5KD3915xxxxxx # diagnose test application radiusd 33
2016-12-07 11:14:05 RADIUS server database [vd root]:
2016-12-07 11:14:05 "index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
2016-12-07 11:14:05 1,1481105638,00:01:53,"10.134.9.208","33471995584","allow","no log","Group0",1,No
2016-12-07 11:14:05
FG-5KD3915xxxxxx # diagnose test application radiusd 33
2016-12-07 11:14:31 RADIUS server database [vd root]:
2016-12-07 11:14:31 "index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
2016-12-07 11:14:31 1,1481105638,00:01:27,"10.134.9.208","33471995584","allow","no log","Group0",1,No
2016-12-07 11:14:31
FG-5KD3915xxxxxx # diagnose sniffer packet mgmt1 "port 1813" 6
interfaces=[mgmt1]
filters=[port 1813]
2016-12-07 11:14:41 Received radius accounting event2016-12-07 11:14:41 7.057849 mgmt1 -- 10.134.9.230.63642 -> 10.134.3.56.1813: udp 59
0x0000 085b 0ecc 31ec 0050 5601 671e 0800 4500 .[..1..PV.g...E.
0x0010 0057 6b1e 0000 8011 ad4e 0a86 09e6 0a86 .Wk......N......
0x0020 0338 f89a 0715 0043 1e2d 0418 003b 5d9a .8.....C.-...;].
0x0030 c898 8cf6 a69a a505 048f cd33 37b2 2806 ...........37.(.
0x0040 0000 0002 2c06 3330 3536 1908 4772 6f75 ....,.3056..Grou
0x0050 7030 1f0d 3333 3437 3139 3935 3538 3408 p0..33471995584.
0x0060 060a 8609 d0 .....
2016-12-07 11:14:41 DB 0 remove by IP [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
^C
1 packets received by filter
0 packets dropped by kernel
FG-5KD3915xxxxxx # diagnose test application radiusd 33
2016-12-07 11:14:47 RADIUS server database [vd root]:
2016-12-07 11:14:47 ** no entries **
2016-12-07 11:14:47
FG-5KD3915xxxxxx # con user radius
FG-5KD3915xxxxxx (radius) # ed RadiusRsso
FG-5KD3915xxxxxx (RadiusRsso) # show
config user radius
edit "RadiusRsso"
set rsso enable
set rsso-secret ENC HqbKDcEZ/fS/1FaX8IcWN/mLUqbgTwFi2614cqkTrCusw7Qfz3Yyc1kGIJg1VHuSFXGSoMwSeYcr97DAl4M5CsQVOR6umKUSYMhkEzguQhQr+za8NfKRKjHuvWi1xXGzI0I+yacm
W0zjeVshA696Jd1VLBRahXrD2TshPPEl+PVAFXGjX94RESG8xaJLv5qfpL05NQ==
set rsso-context-timeout 120
set rsso-flush-ip-session enable
next
end
FG-5KD3915xxxxxx (RadiusRsso) # set rsso-context-timeout 0
FG-5KD3915xxxxxx (RadiusRsso) # end
FG-5KD3915xxxxxx #
FG-5KD3915xxxxxx # ui config version changed
config change start
0: update vd root
server config 0 del
filled server 'RadiusRsso' for vdom 'root'
server config 0 add OK
if=mgmt1 interface is up to date (listen enabled)
Update config; timeout time 120 -> 0
db 0x142c0f90 removed timeout alarm
config change done
FG-5KD3915xxxxxx # diagnose debug application radiusd -1
FG-5KD3915xxxxxx # diag de en
FG-5KD3915xxxxxx # Received radius accounting eventvd 0:root Add/Update auth logon for IP 10.134.9.208 for user 33471995584
DB 0 insert [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481270573,00:00:00,"10.134.9.208","33471995584","allow","no log","Group0",1,No
FG-5KD3915xxxxxx # Received radius accounting eventDB 0 update [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481270611,00:00:00,"10.134.9.208","33471995584","allow","no log","Group0",1,No
FG-5KD3915xxxxxx # Received radius accounting eventvd 0:root Remove auth logon for IP 10.134.9.208 for user 33471995584
DB 0 remove by IP [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
** no entries **
FG-5KD3915xxxxxx # diagnose debug application radiusd -1
FG-5KD3915xxxxxx # di de en
FG-5KD3915xxxxxx #
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
** no entries **
FG-5KD3915xxxxxx # diagnose sys session filter src 10.134.9.208
FG-5KD3915xxxxxx # diagnose sys session filter dport 22
FG-5KD3915xxxxxx # di sniffer packet mgmt1 "port 1813" 6
interfaces=[mgmt1]
filters=[port 1813]
Received radius accounting eventvd 0:root Add/Update auth logon for IP 10.134.9.208 for user 33471995584
5.872179 mgmt1 -- 10.134.9.230.56928 -> 10.134.3.56.1813: udp 59
0x0000 085b 0ecc 31ec 0050 5601 671e 0800 4500 .[..1..PV.g...E.
0x0010 0057 7c6e 0000 8011 9bfe 0a86 09e6 0a86 .W|n............
0x0020 0338 de60 0715 0043 67f4 041f 003b 79e7 .8.`...Cg....;y.
0x0030 99b5 c775 4194 4f22 3891 d3a0 60b0 2806 ...uA.O"8...`.(.
0x0040 0000 0001 2c06 3330 3536 1908 4772 6f75 ....,.3056..Grou
0x0050 7030 1f0d 3333 3437 3139 3935 3538 3408 p0..33471995584.
0x0060 060a 8609 d0 .....
DB 0 insert [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
^C
1 packets received by filter
0 packets dropped by kernel
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481130309,00:01:53,"10.134.9.208","33471995584","allow","no log","Group0",1,No
FG-5KD3915xxxxxx # Received radius accounting eventDB 0 update [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481130369,00:01:01,"10.134.9.208","33471995584","allow","no log","Group0",1,No
FG-5KD3915xxxxxx # diagnose sys session list
session info: proto=6 proto_state=01 duration=19 expire=3587 timeout=3600 flags=00000010 sockflag=00000000 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
user=33471995584 state=log may_dirty authed none acct-ext
statistic(bytes/packets/allow_err): org=1880/13/1 reply=3243/12/1 tuples=2
tx speed(Bps/kbps): 97/0 rx speed(Bps/kbps): 168/1
orgin->sink: org pre->post, reply pre->post dev=3->9/9->3 gwy=10.5.31.1/10.134.9.208
hook=post dir=org act=snat 10.134.9.208:49182->10.5.31.1:22(10.5.19.56:49182)
hook=pre dir=reply act=dnat 10.5.31.1:22->10.5.19.56:49182(10.134.9.208:49182)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=2 auth_info=0 chk_client_info=0 vd=0
serial=00000550 tos=ff/ff app_list=0 app=0 url_cat=0
dd_type=0 dd_mode=0
npu_state=0x040000
no_ofld_reason: non-npu-intf
total session 1
FG-5KD3915xxxxxx # di sniffer packet mgmt1 "port 1813" 6
interfaces=[mgmt1]
filters=[port 1813]
Received radius accounting eventvd 0:root Remove auth logon for IP 10.134.9.208 for user 33471995584
5.311304 mgmt1 -- 10.134.9.230.56930 -> 10.134.3.56.1813: udp 59
0x0000 085b 0ecc 31ec 0050 5601 671e 0800 4500 .[..1..PV.g...E.
0x0010 0057 7c71 0000 8011 9bfb 0a86 09e6 0a86 .W|q............
0x0020 0338 de62 0715 0043 abf8 0421 003b ecf2 .8.b...C...!.;..
0x0030 2b93 0308 ad8e 01ee a7b5 24e8 fcf9 2806 +.........$...(.
0x0040 0000 0002 2c06 3330 3536 1908 4772 6f75 ....,.3056..Grou
0x0050 7030 1f0d 3333 3437 3139 3935 3538 3408 p0..33471995584.
DB 0 remove by IP [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
0x0060 060a 8609 d0 .....
^C
1 packets received by filter
0 packets dropped by kernel
FG-5KD3915xxxxxx # diagnose sys session list
session info: proto=6 proto_state=01 duration=38 expire=3595 timeout=3600 flags=00000010 sockflag=00000000 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
user=33471995584 state=log may_dirty authed none acct-ext
statistic(bytes/packets/allow_err): org=2256/15/1 reply=3391/14/1 tuples=2
tx speed(Bps/kbps): 19/0 rx speed(Bps/kbps): 7/0
orgin->sink: org pre->post, reply pre->post dev=3->9/9->3 gwy=10.5.31.1/10.134.9.208
hook=post dir=org act=snat 10.134.9.208:49182->10.5.31.1:22(10.5.19.56:49182)
hook=pre dir=reply act=dnat 10.5.31.1:22->10.5.19.56:49182(10.134.9.208:49182)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=2 auth_info=0 chk_client_info=0 vd=0
serial=00000550 tos=ff/ff app_list=0 app=0 url_cat=0
dd_type=0 dd_mode=0
npu_state=0x040000
no_ofld_reason: non-npu-intf
total session 1
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
** no entries **
FG-5KD3915xxxxxx # diagnose sys session list
session info: proto=6 proto_state=01 duration=44 expire=3589 timeout=3600 flags=00000010 sockflag=00000000 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
user=33471995584 state=log may_dirty authed none acct-ext
statistic(bytes/packets/allow_err): org=2256/15/1 reply=3391/14/1 tuples=2
tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
orgin->sink: org pre->post, reply pre->post dev=3->9/9->3 gwy=10.5.31.1/10.134.9.208
hook=post dir=org act=snat 10.134.9.208:49182->10.5.31.1:22(10.5.19.56:49182)
hook=pre dir=reply act=dnat 10.5.31.1:22->10.5.19.56:49182(10.134.9.208:49182)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=2 auth_info=0 chk_client_info=0 vd=0
serial=00000550 tos=ff/ff app_list=0 app=0 url_cat=0
dd_type=0 dd_mode=0
npu_state=0x040000
no_ofld_reason: non-npu-intf
total session 1
FG-5KD3915xxxxxx # con user radius
FG-5KD3915xxxxxx (radius) # show
config user radius
edit "RadiusRsso"
set rsso enable
set rsso-secret ENC 0t78S+eT+ApUuQtwLyurKTMXuD93mwUREcuPW4EcncFhhz80JyFO9q2fdbNd9PEAvuXL1jp4bqYMmcm9+BJfBjUypKXzNk8RFuuzeZ4GsJWPmIjtEXN+g
zCWcZG/1d/0cXAHFlOQNWQDzqijoAlY4BPDOH+EeRvGQHH/ggiLEZE8t3jnzi9uvZOGBipB00KkQzImKA==
set rsso-context-timeout 120
next
end
FG-5KD3915xxxxxx (radius) # edi RadiusRsso
FG-5KD3915xxxxxx (RadiusRsso) # get
name : RadiusRsso
timeout : 5
radius-coa : disable
h3c-compatibility : disable
username-case-sensitive: disable
class :
password-renewal : disable
rsso : enable
rsso-radius-server-port: 1813
rsso-radius-response: disable
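rsso-validate-request-secret: disable (the shared secret on incoming accounting requests is not validated in this test setup; enable it in production so that only a sender holding rsso-secret can add or remove RSSO entries)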
rsso-secret : *
rsso-endpoint-attribute: Calling-Station-Id
rsso-endpoint-block-attribute:
sso-attribute : Class
sso-attribute-key :
sso-attribute-value-override: enable
rsso-context-timeout: 120
rsso-log-period : 0
rsso-log-flags : protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other
rsso-flush-ip-session: disable
FG-5KD3915xxxxxx (RadiusRsso) # set rsso-flush-ip-session enable
FG-5KD3915xxxxxx (RadiusRsso) # end
FG-5KD3915xxxxxx # ui config version changed
FG-5KD3915xxxxxx # config change start
0: update vd root
server config 0 del
filled server 'RadiusRsso' for vdom 'root'
server config 0 add OK
if=mgmt1 interface is up to date (listen enabled)
config change done
FG-5KD3915xxxxxx #
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
** no entries **
FG-5KD3915xxxxxx # Received radius accounting eventvd 0:root Add/Update auth logon for IP 10.134.9.208 for user 33471995584
DB 0 insert [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
FG-5KD3915xxxxxx #
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481130565,00:01:56,"10.134.9.208","33471995584","allow","no log","Group0",1,No
FG-5KD3915xxxxxx # diagnose sys session list
session info: proto=6 proto_state=01 duration=10 expire=3590 timeout=3600 flags=00000010 sockflag=00000000 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
user=33471995584 state=log may_dirty authed none acct-ext
statistic(bytes/packets/allow_err): org=1824/13/1 reply=3711/12/1 tuples=2
tx speed(Bps/kbps): 178/1 rx speed(Bps/kbps): 364/2
orgin->sink: org pre->post, reply pre->post dev=3->9/9->3 gwy=10.5.31.1/10.134.9.208
hook=post dir=org act=snat 10.134.9.208:49183->10.5.31.1:22(10.5.19.56:49183)
hook=pre dir=reply act=dnat 10.5.31.1:22->10.5.19.56:49183(10.134.9.208:49183)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=2 auth_info=0 chk_client_info=0 vd=0
serial=000006a9 tos=ff/ff app_list=0 app=0 url_cat=0
dd_type=0 dd_mode=0
npu_state=0x040000
no_ofld_reason: non-npu-intf
total session 1
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481130565,00:01:33,"10.134.9.208","33471995584","allow","no log","Group0",1,No
FG-5KD3915xxxxxx # Received radius accounting eventvd 0:root Remove auth logon for IP 10.134.9.208 for user 33471995584
DB 0 remove by IP [ep='33471995584' pg='Group0' ip='10.134.9.208'] success
FG-5KD3915xxxxxx # diagnose sys session list
total session 0
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
** no entries **