Skip to content
Last update: 2021-10-15

RADIUS server

Remote Authentication Dial In User Service is a protocol that allows network devices such as routers to authenticate users against a database.

Passwords are encrypted using the RADIUS secret. Authorization to access a service is granted when a request matches a group of attributes such as the IP address of the requesting client. Authentication and authorization data are stored in user profiles. RADIUS also supports accounting, which is commonly used for billing and statistical purposes.

General settings

Server IP: IP address of the server.

Authentication port: Port to use for authentication. The default value is 1812.

Enable accounting: Enable accounting on the RADIUS server.

The firewall sends accounting start request and time to the server when the user logs on, and accounting stop request and time when the user logs off. Supported client types: Windows client, HTTP client, Linux client, Android, iOS, iOS HTTP client, Android HTTP client, API client.

Note

The accounting stop message is not sent to the server when the firewall shuts down or reboots.

Accounting port : Port number to use for sending accounting information from the firewall to the RADIUS server. The default value is 1813.

Shared secret: Text string that serves as the password between the client and the server.

Group name attribute: Alias for the configured group name which is displayed to the user.

NAS-identifier: String identifying the NAS originating the access request, for example, an FQDN.

NAS-port-type: Type of the physical port of the NAS which is authenticating the user.

More resources

Back to top