RADIUS sessions
You can monitor RADIUS activity and log out users.
To view currently active RADIUS accounting sessions, go to Monitor > Authentication > RADIUS Sessions.
The page shows the user's name, type, IP address, MAC address, and RADIUS client, duration, and data usage columns. More specifically, Accounting-Start Interim-Update packets are received. A user session is removed from this table after the Accounting-Stop packet is received, or the session doesn't receive any RADIUS accounting packets before the timeout period expires.
To log out a user as an admin, select the user from the table and select Logoff.
There are two pages to view: Active and Cumulative. Select Cumulative to view statistics for user who have a time and/or data usage limit. This information may be accumulated through a succession of RADIUS accounting sessions. A user's stats are removed when explicitly deleted by the administrator (by selecting the user and selecting Delete), or when the user's account itself is deleted.
Select Clear to clear the cumulative RADIUS accounting sessions in the Cumulative tab. |
While administrators can log out users, they can also reset a user's time and/or data usage using Reset Usage.
For more information on user time and data usage limits, see Usage profile.
RADIUS accounting sessions can be configured to timeout after a specific time period has been reached. To do so, see General.
RADIUS accounting features
FortiAuthenticator offers three separate RADIUS accounting features:
- RADIUS accounting proxy: As the name implies, this feature relays, i.e., proxies RADIUS accounting messages between external RADIUS accounting clients and servers. Depending on its configuration, FortiAuthenticator may add/delete/modify the attributes of the RADIUS accounting requests it proxies.
- RADIUS accounting for FSSO: FortiAuthenticator uses the RADIUS session information from the RADIUS accounting requests to detect end-user logins, logouts, and IP address updates to create/update/delete FSSO sessions.
- RADIUS accounting for usage profile: FortiAuthenticator uses the RADIUS session information from the RADIUS accounting requests to track and restrict end-users' time and/or data usage.
Features 1 and 2 process the RADIUS accounting messages received on the UDP port specified by the Accounting SSO port option in Authentication > RADIUS Service > Services. |
Feature 3 processes the RADIUS accounting messages received on the UDP port specified by the Accounting monitor port option in Authentication > RADIUS Service > Services. |