Related Topics

Configure RADIUS Server Authentication

RADIUS (Remote Authentication Dial-In User Service) authenticates the local and remote users on a company network. RADIUS is a client/server system that keeps the authentication information for users, remote access servers, VPN gateways, and other resources in one central database.

For more information on RADIUS authentication, see How RADIUS Server Authentication Works.

Authentication Key

The authentication messages to and from the RADIUS server use an authentication key, not a password. This authentication key, or shared secret, must be the same on the RADIUS client and server. Without this key, there is no communication between the client and server.

RADIUS Authentication Methods

For web and Mobile VPN with IPSec or SSL authentication, RADIUS supports only PAP (Password Authentication Protocol) authentication.

For authentication with L2TP, RADIUS supports only MSCHAPv2 (Microsoft Challenge-Handshake Authentication Protocol version 2).

For authentication with WPA Enterprise and WPA2 Enterprise authentication methods, RADIUS supports the EAP (Extensible Authentication Protocol) framework.

For Mobile VPN with IKEv2 authentication, RADIUS supports EAP-MSCHAPv2.

Before You Begin

Before you configure your Firebox to use your RADIUS authentication server, you must have this information:

  • Primary RADIUS server — IP address and RADIUS port
  • Secondary RADIUS server (optional) — IP address and RADIUS port
  • Shared secret — Case-sensitive password that is the same on the device and the RADIUS server
  • Authentication methods — Set your RADIUS server to allow the authentication method your device uses: PAP, MS CHAP v2, WPA Enterprise, WPA2 Enterprise, or WPA/WPA2 Enterprise

Use RADIUS Server Authentication with Your Device

To use RADIUS server authentication with your Firebox, you must:

  • Add the IP address of the Firebox to the RADIUS server as described in the documentation from your RADIUS vendor.
  • Enable and specify the RADIUS server in your Firebox configuration.
  • Add RADIUS user names or group names to your policies.

See Also

About Third-Party Authentication Servers

Use Users and Groups in Policies

WPA/WPA2 Enterprise Authentication with RADIUS

RADIUS Authentication with Active Directory For Mobile VPN Users

Give Us Feedback     Get Support     All Product Documentation     Technical Search