Applies To: Cloud-managed Fireboxes
RADIUS (Remote Authentication Dial-In User Service) authenticates local and remote users on a company network. RADIUS is a client/server system that keeps the authentication information for users, remote access servers, VPN gateways, and other resources in one central database.
To configure a cloud-managed Firebox to use RADIUS authentication, you can add a RADIUS server to an authentication domain, and then configure Fireboxes in your account to use that domain for authentication.
RADIUS Authentication Methods
A cloud-managed Firebox uses these authentication protocols for user authentication with a RADIUS server:
- Firewall authentication — PAP (Password Authentication Protocol)
- Mobile VPN authentication — EAP-MSCHAPv2
Before You Begin
Before you configure your Firebox to use a RADIUS authentication server, you must have this information for each RADIUS server:
- Primary RADIUS server — IP address and RADIUS port
- Secondary RADIUS server (optional) — IP address and RADIUS port
- Shared secret — Case-sensitive password that is the same on the WatchGuard Cloud authentication domain and on the RADIUS server
- Authentication methods — Configure your RADIUS server to allow the authentication method your Firebox uses: PAP, EAP-MSCHAPv2
Configure RADIUS Authentication for a Cloud-Managed Firebox
To use RADIUS server authentication with a cloud-managed Firebox, you must:
- Add the IP address of the Firebox to the RADIUS server, to configure the Firebox as a RADIUS client.
- Add the RADIUS server to a WatchGuard Cloud authentication domain, and specify the server IP address and shared secret. For more information, see Add an Authentication Domain to WatchGuard Cloud.
- If you have a secondary RADIUS server, add it to the same authentication domain. For more information, see Add Servers to an Authentication Domain.
- Add users or groups to the authentication domain. For more information, see Add Users and Groups to an Authentication Domain.
- Add the authentication domain to the Firebox configuration. For more information, see Add an Authentication Domain to a Firebox.
- Select the user or group names in Firebox policies. For more information, see Configure the Source and Destination in a Firewall Policy.