Testing
Once configured, a user only needs to log on to their PC using their RADIUS account. After that, when they attempt to access an Internet website, the FortiGate unit will use their session information to get their RADIUS information. Once the user is verified, they are allowed access to the website.
To test the configuration, perform the following steps:
1. Have user ‘plee’ log on to their PC, and try to access an Internet website.
2. The FortiGate unit will contact the RADIUS server for user plee’s information.
Once confirmed, plee will have access to the website.
Each step generates log entries that enable you to verify that each step was successful.
3. If a step is unsuccessful, confirm that your configuration is correct.
RADIUS SSO test
Troubleshooting
In the web-based manager, a good tool for troubleshooting is the packet counter column on the security policy page (Policy > Policy). This column displays the number of packets that have passed through the security policy. While you are testing your configuration (end-to-end connectivity, user authentication, policy use), an increase in the packet count corroborates any other methods you may be using for troubleshooting. It also shows which policy is allowing the traffic, which is useful information if you expect a user to require authentication and it never happens. For more information about authentication security policies, see “Authentication in security policies”.
This section addresses how to get more information from the CLI about users and user authentication attempts to help troubleshoot failed authentication attempts.
diag firewall iprope list
Shows the IP that the computer connected from. This is useful to confirm authorization and VPN settings.
diag firewall iprope clear
Clears all authorized users from the current list. Useful to force users to re-authenticate after system or group changes. However, this command may easily result in many users having to re-authenticate, so use it carefully.
diag rsso query ip
diag rsso query rsso-key
Queries the RSSO database.
For more information on troubleshooting specific features, go to that section of this document. Most sections have troubleshooting information at the end of the section. In addition to that information, see the FortiOS Handbook Troubleshooting guide for general troubleshooting information.