FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 196984

Description

During the RADIUS authentication process, certain lookups occur between the managed appliance and the Control Manager (NCM). Processing of RADIUS traffic can be delayed or time out if network communication with the Control Manager is slow or inconsistent (for example, an appliance communicating with the Manager over a slow WAN connection).


Scope
Version:  8.5.3, 8.6.1, 8.7.0 and above

Solution
This issue is addressed in 8.6.4 and 8.7.2, with the additional step of modifying a property file to disable remote host lookups for RADIUS authentication. For assistance, contact Support.

Note:
The steps below modify the property file before upgrading. The file can be modified either before or after the upgrade; however, if it is modified after the upgrade, an additional restart of processes is required on every Primary Control Server.

 
The following steps must be performed on each Server/Control Server managed by the Control Manager.

1) Log in to the CLI as root.
2) Go to the /bsc/campusMgr/master_loader directory.
3) Use an editor such as VI to open the .masterPropertyFile file.
4) Add the following entry and save the file:

FILE_NAME=./properties_plugin/radiusManager.properties
{
com.bsc.plugin.radius.RadiusServer.disableRemoteClientLookups=true
}

5) Upgrade appliances.  For details, refer to the Upgrade Instructions and Considerations guide in the Fortinet Document Library.

6) The radiusManager.properties file should now reflect the changes. To view, log in to the appliance CLI and type:

cat /bsc/campusMgr/master_loader/properties_plugin/radiusManager.properties | grep disableRemoteClientLookups

Modifying file after upgrade.
 
If the upgrade was performed first, follow the instructions below on every managed Primary Control Server:
 

1) Modify the file as described above (steps 1-4).

 
2) Stop processes. Type:
shutdownCampusMgr
3) Wait 30 seconds.
 
4) Start processes. Type:
startupCampusMgr

5) The radiusManager.properties file should now reflect the changes. To view, log in to the appliance CLI and type:

cat /bsc/campusMgr/master_loader/properties_plugin/radiusManager.properties | grep disableRemoteClientLookups
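
The grep used in the verification steps also matches a commented-out line or a value of false. The script below is an added example, not Fortinet's code and not part of the original article: it adds the step 4 entry only when it is missing and checks the effective value. The function names, the .bak copy written beside the file, and the "last uncommented assignment wins" rule are assumptions.

```shell
#!/bin/sh
# Added example, not Fortinet code. Key and file names come from the article;
# function names and the "last uncommented assignment wins" rule are assumptions.
KEY='com.bsc.plugin.radius.RadiusServer.disableRemoteClientLookups'
PLUGIN_FILE='./properties_plugin/radiusManager.properties'

# Succeed only if the last uncommented assignment of KEY in file $1 is "true".
# The plain grep from step 6 also matches "#KEY=true" and "KEY=false".
lookups_disabled() {
    val=$(awk -v k="$KEY" '
        /^[ \t]*[#!]/ { next }                  # comment line
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k) == 1 {
            rest = substr(line, length(k) + 1)
            if (rest ~ /^[ \t]*=/) {            # exact key, not a longer one
                sub(/^[ \t]*=[ \t]*/, "", rest)
                sub(/[ \t\r]+$/, "", rest)
                v = rest
            }
        }
        END { print v }' "$1")
    [ "$val" = "true" ]
}

# Step 4: append the article's entry to master property file $1, keeping a
# .bak copy. Prints "unchanged" or "appended"; returns 2 if a human must merge.
ensure_master_entry() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    if lookups_disabled "$f"; then echo unchanged; return 0; fi
    # Key mentioned in any other form, or a block for the same plugin file
    # already exists: merge rules are not documented, so do not guess.
    if grep -Fq "$KEY" "$f" || grep -Fq "FILE_NAME=$PLUGIN_FILE" "$f"; then
        echo "existing radiusManager entry in $f: edit by hand" >&2
        return 2
    fi
    cp -p "$f" "$f.bak" || return 1
    printf '\nFILE_NAME=%s\n{\n%s=true\n}\n' "$PLUGIN_FILE" "$KEY" >> "$f"
    if lookups_disabled "$f"; then echo appended; return 0; fi
    return 1
}

# Run as: sh script.sh /bsc/campusMgr/master_loader/.masterPropertyFile
if [ "$#" -ge 1 ]; then ensure_master_entry "$1"; fi
```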