Description | This article describes what needs to be verified from the FortiConnect side when FortiConnect side logs show that Authentication succeeded but the authorization policy has denied access. |
Scope | FortiConnect. |
Solution |
Wireless clients connect to the SSID and get the External captive portal page from the Forti Connect. After supplying the username and password credentials, it shows a blank page.
Troubleshooting to be done:
It shows the following:
12:02:35.3862+00,Complete,23,172.31.254.2,46,1,3,In,MS-CHAP-Error,7E=691 R=1 C=b7ff2f635548b5241513169a37519518 V=3 M=Authentication rejected
In this case, the Dashboard logs show that 192.168.60.6 users are trying to authenticate from an invalid location/ wrong location. 192.168.60.6 is the wireless client's IP address.
Dashboard logs show that some entries with location are missing under the Authorization profile.
The format for the subnets should be as follows: Subnet/subnet mask. 3. The above-mentioned subnet and subnet mask values allow the requests to come from the specific subnet. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.