Channel: Network Access Protection forum

Windows Server 2012 NPS not forwarding accounting messages


Hi,

We have a setup with a Cisco controller connected to 2 Cisco APs that use Windows Server 2012 NPS for 802.1x authentication. This works 100%; users can connect and can get to local resources, DC, printers, gateway etc...

However, we use a FortiGate 60D as our firewall, and when setting user-based access policies on the FortiGate, wireless machines and devices (cellphones, iPads) do not get access to the internet. What I have discovered is that the FortiGate requires the NPS server to forward accounting messages to it on UDP 1813. I have added the FortiGate to the "Remote RADIUS server groups" on the NPS and set the "Connection request policy" to forward accounting messages to said "Radius group".

However, when monitoring with Wireshark, when a user joins the wireless the server does not send any packets destined for UDP 1813; I can only see messages being sent to the Cisco kit on UDP 1812.

The only way I have gotten this to work is by setting the Cisco controller to send the accounting messages instead. Any help as to why the NPS server is not sending these messages would be greatly appreciated.

Regards
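
An added example, not part of the original post: a minimal RADIUS payload parser (packet layout per RFC 2865/2866) that tallies message types per destination, so UDP payloads exported from a capture can be checked for Accounting-Request traffic to port 1813. The function names, the `(dst_ip, dst_port, payload)` input shape and the sample datagrams are assumptions constructed for illustration.

```python
import struct
from collections import Counter

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response"}
ACCT_STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}  # attribute 40 values

def parse_radius(payload):
    """Parse a RADIUS UDP payload into (code name, {attr type: raw value})."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("bad length field")
    attrs, pos = {}, 20  # attributes start after the 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(atype, payload[pos + 2:pos + alen])
        pos += alen
    return CODES.get(code, f"code-{code}"), attrs

def summarize(datagrams):
    """Count (dst ip, dst port, message type) over (dst_ip, dst_port, payload) tuples."""
    seen = Counter()
    for dst_ip, dst_port, payload in datagrams:
        name, attrs = parse_radius(payload)
        if name == "Accounting-Request" and 40 in attrs:
            status = int.from_bytes(attrs[40], "big")  # Acct-Status-Type
            name += "/" + ACCT_STATUS.get(status, str(status))
        seen[(dst_ip, dst_port, name)] += 1
    return seen

def accounting_targets(datagrams):
    """Destinations that actually received Accounting-Request messages."""
    return sorted({(ip, port) for ip, port, name in summarize(datagrams)
                   if name.startswith("Accounting-Request")})

def build(code, attrs):
    """Constructed test packet: zeroed authenticator, not cryptographically valid."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample; addresses are documentation ranges, not from the post.
SAMPLE = [
    ("192.0.2.10", 1812, build(1, [(1, b"alice")])),
    ("192.0.2.20", 1813, build(4, [(1, b"alice"), (40, (1).to_bytes(4, "big"))])),
]
```

An empty result from `accounting_targets` over a capture taken on the NPS host matches the symptom described above: authentication traffic is present but no accounting is leaving for port 1813.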

