Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=RADIUSServer

RADIUS server

Remote Authentication Dial In User Service is a protocol that allows network devices, such as routers to authenticate users against a database.

Passwords are encrypted using the RADIUS secret. Authorization to access a service is granted when a request matches a group of attributes, such as the IP address of the requesting client. Authentication and authorization data are stored in user profiles. RADIUS also supports accounting, which is commonly used for billing and statistical purposes.

General settings

Server IP: IP address of the server.

Authentication port: Port to use for authentication. The default value is 1812.

Enable accounting: Enable accounting on the RADIUS server.

The firewall sends accounting start request and time to the server when the user logs on, and accounting stop request and time when the user logs off. Supported client types: Windows client, HTTP client, Linux client, Android, iOS, iOS HTTP client, Android HTTP client, API client.

Note

The accounting stop message is not sent to the server when the firewall shuts down or restarts.

Accounting port: Port number to use for sending accounting information from the firewall to the RADIUS server. The default value is 1813.

Shared secret: Text string that serves as the password between the client and server.

Group name attribute: Alias for the configured group name shown to the user.

NAS-identifier: String identifying the NAS originating the access request, for example an FQDN.

NAS-port-type: Type of the physical port of the NAS that is authenticating the user.

More resources