RADIUS

RADIUS is a standard authentication protocol that runs in client-server mode and is used to define network access for remote users. A RADIUS server is linked to an identification database (e.g. an LDAP directory). The firewall can act as a RADIUS client and can therefore send the authentication requests of users wishing to pass through the firewall to an external RADIUS server. A user is authenticated on the firewall only if the RADIUS server accepts the authentication request sent by the firewall.

All RADIUS transactions (communications between the firewall and the RADIUS server) are themselves authenticated using a pre-shared secret, which is never transmitted over the network. This same secret is used to encrypt the user password that passes between the firewall and the RADIUS server.

After selecting your authentication method in the left column, you can enter information about it in the right column.

Access to the server

When the RADIUS method is selected, enter the information relating to your external RADIUS server and a backup RADIUS server, if there is one.

Server: Select from the drop-down list the object representing the RADIUS server. If this object does not yet exist, you can create it by clicking on the relevant icon.

RADIUS authentication supports IPv6, so the selected object can have an IPv6 address if the firewall is configured to use this protocol.

Port: Port used by the RADIUS server. By default, UDP port 1812 named RADIUS is selected. You can set another port by selecting it from the drop-down list or by creating a new object.

Pre-shared key: Key used for encrypting exchanges between the firewall and the RADIUS server.

Backup server

Server: Select from the drop-down list the object representing the backup server. If this object does not yet exist, you can create it by clicking on the relevant icon.

RADIUS authentication supports IPv6, so the selected object can have an IPv6 address if the firewall is configured to use this protocol.

Port: Port used for the backup server. By default, UDP port 1812 named RADIUS is selected. You can set another port by selecting it from the drop-down list or by creating a new object.

Pre-shared key: Key used for encrypting exchanges between the firewall and the backup server.

NOTES
  • The default timeout allowed to set up a connection to a RADIUS server is set to 3000 milliseconds, i.e., 3 seconds, and the number of tries is set to 1.
  • The idle timeout and number of tries to connect to the main and backup RADIUS servers can be configured by using the CLI/Serverd command CONFIG AUTH RADIUS. These commands are explained in detail in the CLI SERVERD Commands Reference Guide.