Add a RADIUS server

Remote Authentication Dial In User Service is a protocol that allows network devices such as routers to authenticate users against a database. Passwords are encrypted using the RADIUS secret. Authorization to access a service is granted when a request matches a group of attributes such as the IP address of the requesting client. Authentication and authorization data are stored in user profiles. RADIUS also supports accounting, which is commonly used for billing and statistical purposes. When you add an authentication server, you define an external server and provide settings for managing access to it.

  1. Go to Authentication > Servers and click Add.
  2. From the Server type list, select RADIUS server.
  3. Type a name.
  4. Type an IP address.
  5. Specify the settings.
    OptionDescription
    Authentication port Port to use for authentication. The default value is 1812.
    Time-out

    Time within which the authentication must be completed.

    Acceptable range: 1 to 60 seconds

    Enable accounting Enable accounting on the RADIUS server.

    The firewall sends accounting start request and time to the server when the user logs on, and accounting stop request and time when the user logs off. Supported client types: Windows client, HTTP client, Linux client, Android, iOS, iOS HTTP client, Android HTTP client, API client.

    Note The accounting stop message is not sent to the server when the firewall shuts down or reboots.
    Accounting port Port number to use for sending accounting information from the firewall to the RADIUS server. The default value is 1813.
    Shared secret Text string that serves as the password between the client and the server.
    Group name attribute Alias for the configured group name which is displayed to the user.
  6. Optional Click Enable additional settings and specify settings.
    OptionDescription
    NAS-identifier String identifying the NAS originating the access request, for example, an FQDN.
    NAS-port-type Type of the physical port of the NAS which is authenticating the user.
  7. Click Test connection to validate the user credentials and check the connection to the server.
  8. Select Save.

Go to Authentication > Services and select servers to use for service authentication.